16:56:18 <RRSAgent> RRSAgent has joined #webauthn
16:56:18 <RRSAgent> logging to http://www.w3.org/2017/06/21-webauthn-irc
16:56:20 <trackbot> RRSAgent, make logs public
16:56:20 <Zakim> Zakim has joined #webauthn
16:56:22 <trackbot> Zakim, this will be
16:56:22 <Zakim> I don't understand 'this will be', trackbot
16:56:23 <trackbot> Meeting: Web Authentication Working Group Teleconference
16:56:23 <trackbot> Date: 21 June 2017
16:56:30 <weiler> agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0201.html
16:56:58 <weiler> weiler has joined #webauthn
16:59:31 <wseltzer> regrets+ wseltzer
16:59:37 <weiler> present+ weiler
17:00:18 <selfissued> selfissued has joined #webauthn
17:02:06 <jeffh> jeffh has joined #webauthn
17:02:12 <gmandyam> gmandyam has joined #webauthn
17:02:20 <gmandyam> present+ gmandyam
17:02:36 <apowers> apowers has joined #webauthn
17:03:12 <weiler> present+ selfissued, nadalin, JFontana, apowers
17:03:39 <weiler> present+ Angelo
17:04:20 <weiler> present+ ChristiaanBrand
17:06:32 <weiler> present+ JeffH
17:06:42 <weiler> scribe: gmandyam
17:06:57 <weiler> present+ AkshayKumar
17:07:43 <gmandyam> Tony - examine open PR's for WD-06
17:08:40 <gmandyam> First up - PR 379:  https://github.com/w3c/webauthn/pull/379
17:09:30 <gmandyam> AngeloKai:  Need to merge in master.  There are some privacy concerns.  Would like to get input from other browser vendors - particularly Moz (JC Jones).
17:09:47 <gmandyam> Nadalin - does Google have a similar use case to PR 379
17:10:22 <gmandyam> AngeloKai - there is a general problem on how to find authenticators that will work with the user. (in response to Google request for explanation)
17:11:13 <denis> denis has joined #webauthn
17:11:30 <jeffh> much of the discussion is in this issue: https://github.com/w3c/webauthn/issues/345
17:11:37 <gmandyam> AngeloKai - using this feature (isAuthReady), the RP can decide what user experience they need to provide to the user to direct them to attach authenticators if necessary
17:11:41 <weiler> weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0201.html
17:11:48 <denis> denis has left #webauthn
17:12:02 <gmandyam> ChristaanBrand - understood.  No objection at this time.
17:12:27 <gmandyam> jeffh - PR is still not ready to merge
17:12:56 <gmandyam> ChristiaanBrand - it is a nice-to-have feature, but we won't prioritize implementation
17:15:06 <gmandyam> ChristiaanBrand - to clarify - we may not implement feature as RP, but will implement in browser if it becomes part of the standard
17:16:06 <gmandyam> AngeloKai - there are precedents in the web platform, e.g. Permissions API
17:16:14 <gmandyam> jeffH - why not use Permissions API?
17:17:18 <gmandyam> AngeloKai - because Permissions API asks the user for permission to use an API.  In this case, you are asking the user to create a credential.
17:20:01 <jeffh> gmandyam: why is not the perms api relevant to platform authenticators (authnrs) ?
17:21:50 <jeffh> christiaan: two things here: (a) whether the user wants to reg with RP (?), and (b) whether user gives RP perms to interact with authnr  [not sure i got this correctly..]
17:22:06 <gmandyam> ChristaanBrand - the issues of authenticator availability and granting permissions to the API are orthogonal.  I don't know if we want a flow where we need an additional permission grant from the user when the user interaction is required for the credential already.
17:22:14 <jeffh> ... do we need two perms models here for these two aspects ?
17:23:50 <gmandyam> AngeloKai - a permissions API for e.g. geolocation will allow application access to GPS.  The resulting action (return of location) data due to grant of permission is well understood.
17:24:24 <gmandyam> AngeloKai - with webauthn, there is more than just grant of the API permission.  There is a user gesture required.
17:25:59 <jeffh> s/employes/employed/
17:26:41 <gmandyam> s/(return of location) data/(return of location data)
17:27:17 <gmandyam> AngeloKai - will augment intro section to better describe UI flow in PR
17:27:30 <gmandyam> AngeloKai - this will also address outstanding TAG issue
17:27:57 <gmandyam> jeffh - the rationale of why this is only for platform authenticators needs to be in the spc
17:28:06 <gmandyam> s/spc/spec
17:28:56 <gmandyam> AngeloKai - Still need a solution for detecting whether device is paired with authenticator
17:29:28 <gmandyam> ChristiaanBrand - not sure this applies to cross-platform authenticators.
17:30:19 <gmandyam> nadalin - will keep as WD-06 pending Moz input
17:30:42 <gmandyam> If still open by WD-06 publish date, can move to CR milestone
17:31:45 <gmandyam> nadalin - next PR https://github.com/w3c/webauthn/pull/460. Still needs work.
17:33:44 <gmandyam> gmandyam - will close out https://github.com/w3c/webauthn/pull/484 and replace with new PR refining terminology section.
17:34:29 <gmandyam> https://github.com/w3c/webauthn/pull/495 and https://github.com/w3c/webauthn/pull/498 need to be reviewed
17:35:54 <gmandyam> jeffh - https://github.com/w3c/webauthn/pull/498 is meant to address some algorithm breakage to to 384 merge. (see https://github.com/w3c/webauthn/issues/472#issuecomment-309871552)
17:36:18 <gmandyam> jeffh - there look to be broader issues with webauthn algorithms violating the web model
17:36:54 <gmandyam> jeffh - reopened Zbarsky's issue that was fixed with PR 371 due to PR 384 breakage
17:37:11 <gmandyam> nadalin - is this WD-06 issue?
17:37:20 <gmandyam> jeffh - we can delay to CR
17:37:44 <gmandyam> selfissued - we should touch base with mwest re: credential spec
17:38:06 <gmandyam> nadalin - goal is to make WD-06 as close to CR as possible
17:38:25 <gmandyam> jeffh - 60-70 issues are tagged CR
17:40:49 <gmandyam> AngeloKai - algorithm fix up would be good. It might be good to reclassify several CR-tagged issues.
17:42:27 <gmandyam> nadalin - not detecting major changes in WD-06 versus WD-05
17:42:44 <gmandyam> jeffh - a diff between current state and last WD would show significant changes
17:44:17 <gmandyam> AngeloKai - TLS-related items should be addressed as well]
17:44:28 <gmandyam> s/]/
17:45:17 <gmandyam> jeffH - such issues should not necessarily be addressed in WD-06.  Expect more WD's between -06 and CR.  And CR does not mean we are done.
17:45:37 <gmandyam> AngeloKai - and we have other spec reviews that will come up
17:46:35 <gmandyam> jeffH - think there will be a WD-07.  495 and 498 don't necessarily need to be in WD-06
17:46:42 <gmandyam> nadalin - will leave at WD-06 for now
17:47:10 <gmandyam> Review of issues impacting -06 ...
17:47:44 <gmandyam> See https://github.com/w3c/webauthn/milestone/10
17:49:41 <gmandyam> jeffH - maybe we don't need to get hung up on milestones.Just rely on ED.
17:49:51 <gmandyam> nadalin - nominate AngeloKai as backup editor.
17:50:32 <gmandyam> jeffH - update mastheads to designate former editors.
17:54:36 <gmandyam> jeffH - request someone to address issues 283 and 292
17:55:05 <gmandyam> AngeloKai - will take on assignment
17:55:51 <gmandyam> jeffH - intending to propose PR for issue 278
17:57:01 <gmandyam> jeffH - need volunteers for unassigned issues
17:58:10 <gmandyam> selfissued - will take on issue 488
17:59:44 <gmandyam> 345 assigned to AngeloKai
18:01:16 <gmandyam> nadalin - will have meeting on July 5
18:01:21 <gmandyam> Meeting adjourned
18:01:24 <weiler> rrsagent, draft minutes
18:01:24 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler
18:01:35 <weiler> rrsagent, make log public
18:01:37 <weiler> rrsagent, draft minutes
18:01:37 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler
18:11:48 <jfontana> jfontana has joined #webauthn
18:13:07 <weiler> chair: nadalin, jfontana
18:13:09 <weiler> rrsagent, draft minutes
18:13:09 <RRSAgent> I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler
19:13:24 <Zakim> Zakim has left #webauthn
19:23:45 <weiler> weiler has joined #webauthn
19:24:21 <weiler_> weiler_ has joined #webauthn
20:27:36 <weiler_> weiler_ has joined #webauthn
20:28:47 <weiler__> weiler__ has joined #webauthn