IRC log of webauthn on 2017-06-21

Timestamps are in UTC.

16:56:18 [RRSAgent]

RRSAgent has joined #webauthn

16:56:18 [RRSAgent]

logging to http://www.w3.org/2017/06/21-webauthn-irc

16:56:20 [trackbot]

RRSAgent, make logs public

16:56:20 [Zakim]

Zakim has joined #webauthn

16:56:22 [trackbot]

Zakim, this will be

16:56:22 [Zakim]

I don't understand 'this will be', trackbot

16:56:23 [trackbot]

Meeting: Web Authentication Working Group Teleconference

16:56:23 [trackbot]

Date: 21 June 2017

16:56:30 [weiler]

agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0201.html

16:56:58 [weiler]

weiler has joined #webauthn

16:59:31 [wseltzer]

regrets+ wseltzer

16:59:37 [weiler]

present+ weiler

17:00:18 [selfissued]

selfissued has joined #webauthn

17:02:06 [jeffh]

jeffh has joined #webauthn

17:02:12 [gmandyam]

gmandyam has joined #webauthn

17:02:20 [gmandyam]

present+ gmandyam

17:02:36 [apowers]

apowers has joined #webauthn

17:03:12 [weiler]

present+ selfissued, nadalin, JFontana, apowers

17:03:39 [weiler]

present+ Angelo

17:04:20 [weiler]

present+ ChristiaanBrand

17:06:32 [weiler]

present+ JeffH

17:06:42 [weiler]

scribe: gmandyam

17:06:57 [weiler]

present+ AkshayKumar

17:07:43 [gmandyam]

Tony - examine open PR's for WD-06

17:08:40 [gmandyam]

First up - PR 379: https://github.com/w3c/webauthn/pull/379

17:09:30 [gmandyam]

AngeloKai: Need to merge in master. There are some privacy concerns. Would like to get input from other browser vendors - particularly Moz (JC Jones).

17:09:47 [gmandyam]

Nadalin - does Google have a similar use case to PR 379

17:10:22 [gmandyam]

AngeloKai - there is a general problem on how to find authenticators that will work with the user. (in response to Google request for explanation)

17:11:13 [denis]

denis has joined #webauthn

17:11:30 [jeffh]

much of the discussion is in this issue: https://github.com/w3c/webauthn/issues/345

17:11:37 [gmandyam]

AngeloKai - using this feature (isAuthReady), the RP can decide what user experience they need to provide to the user to direct them to attach authenticators if necessary

17:11:41 [weiler]

weiler has changed the topic to: agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Jun/0201.html

17:11:48 [denis]

denis has left #webauthn

17:12:02 [gmandyam]

ChristaanBrand - understood. No objection at this time.

17:12:27 [gmandyam]

jeffh - PR is still not ready to merge

17:12:56 [gmandyam]

ChristiaanBrand - it is a nice-to-have feature, but we won't prioritize implementation

17:15:06 [gmandyam]

ChristiaanBrand - to clarify - we may not implement feature as RP, but will implement in browser if it becomes part of the standard

17:16:06 [gmandyam]

AngeloKai - there are precedents in the web platform, e.g. Permissions API

17:16:14 [gmandyam]

jeffH - why not use Permissions API?

17:17:18 [gmandyam]

AngeloKai - because Permissions API asks the user for permission to use an API. In this case, you are asking the user to create a credential.

17:20:01 [jeffh]

gmandyam: why is not the perms api relevant to platform authenticators (authnrs) ?

17:21:50 [jeffh]

christiaan: two things here: (a) whether the user wants to reg with RP (?), and (b) whether user gives RP perms to interact with authnr [not sure i got this correctly..]

17:22:06 [gmandyam]

ChristaanBrand - the issues of authenticator availability and granting permissions to the API are orthogonal. I don't know if we want a flow where we need an additional permission grant from the user when the user interaction is required for the credential already.

17:22:14 [jeffh]

... do we need two perms models here for these two aspects ?

17:23:50 [gmandyam]

AngeloKai - a permissions API for e.g. geolocation will allow application access to GPS. The resulting action (return of location) data due to grant of permission is well understood.

17:24:24 [gmandyam]

AngeloKai - with webauthn, there is more than just grant of the API permission. There is a user gesture required.

17:25:59 [jeffh]

s/employes/employed/

17:26:41 [gmandyam]

s/(return of location) data/(return of location data)

17:27:17 [gmandyam]

AngeloKai - will augment intro section to better describe UI flow in PR

17:27:30 [gmandyam]

AngeloKai - this will also address outstanding TAG issue

17:27:57 [gmandyam]

jeffh - the rationale of why this is only for platform authenticators needs to be in the spc

17:28:06 [gmandyam]

s/spc/spec

17:28:56 [gmandyam]

AngeloKai - Still need a solution for detecting whether device is paired with authenticator

17:29:28 [gmandyam]

ChristiaanBrand - not sure this applies to cross-platform authenticators.

17:30:19 [gmandyam]

nadalin - will keep as WD-06 pending Moz input

17:30:42 [gmandyam]

If still open by WD-06 publish date, can move to CR milestone

17:31:45 [gmandyam]

nadalin - next PR https://github.com/w3c/webauthn/pull/460. Still needs work.

17:33:44 [gmandyam]

gmandyam - will close out https://github.com/w3c/webauthn/pull/484 and replace with new PR refining terminology section.

17:34:29 [gmandyam]

https://github.com/w3c/webauthn/pull/495 and https://github.com/w3c/webauthn/pull/498 need to be reviewed

17:35:54 [gmandyam]

jeffh - https://github.com/w3c/webauthn/pull/498 is meant to address some algorithm breakage to to 384 merge. (see https://github.com/w3c/webauthn/issues/472#issuecomment-309871552)

17:36:18 [gmandyam]

jeffh - there look to be broader issues with webauthn algorithms violating the web model

17:36:54 [gmandyam]

jeffh - reopened Zbarsky's issue that was fixed with PR 371 due to PR 384 breakage

17:37:11 [gmandyam]

nadalin - is this WD-06 issue?

17:37:20 [gmandyam]

jeffh - we can delay to CR

17:37:44 [gmandyam]

selfissued - we should touch base with mwest re: credential spec

17:38:06 [gmandyam]

nadalin - goal is to make WD-06 as close to CR as possible

17:38:25 [gmandyam]

jeffh - 60-70 issues are tagged CR

17:40:49 [gmandyam]

AngeloKai - algorithm fix up would be good. It might be good to reclassify several CR-tagged issues.

17:42:27 [gmandyam]

nadalin - not detecting major changes in WD-06 versus WD-05

17:42:44 [gmandyam]

jeffh - a diff between current state and last WD would show significant changes

17:44:17 [gmandyam]

AngeloKai - TLS-related items should be addressed as well]

17:44:28 [gmandyam]

s/]/

17:45:17 [gmandyam]

jeffH - such issues should not necessarily be addressed in WD-06. Expect more WD's between -06 and CR. And CR does not mean we are done.

17:45:37 [gmandyam]

AngeloKai - and we have other spec reviews that will come up

17:46:35 [gmandyam]

jeffH - think there will be a WD-07. 495 and 498 don't necessarily need to be in WD-06

17:46:42 [gmandyam]

nadalin - will leave at WD-06 for now

17:47:10 [gmandyam]

Review of issues impacting -06 ...

17:47:44 [gmandyam]

See https://github.com/w3c/webauthn/milestone/10

17:49:41 [gmandyam]

jeffH - maybe we don't need to get hung up on milestones.Just rely on ED.

17:49:51 [gmandyam]

nadalin - nominate AngeloKai as backup editor.

17:50:32 [gmandyam]

jeffH - update mastheads to designate former editors.

17:54:36 [gmandyam]

jeffH - request someone to address issues 283 and 292

17:55:05 [gmandyam]

AngeloKai - will take on assignment

17:55:51 [gmandyam]

jeffH - intending to propose PR for issue 278

17:57:01 [gmandyam]

jeffH - need volunteers for unassigned issues

17:58:10 [gmandyam]

selfissued - will take on issue 488

17:59:44 [gmandyam]

345 assigned to AngeloKai

18:01:16 [gmandyam]

nadalin - will have meeting on July 5

18:01:21 [gmandyam]

Meeting adjourned

18:01:24 [weiler]

rrsagent, draft minutes

18:01:24 [RRSAgent]

I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler

18:01:35 [weiler]

rrsagent, make log public

18:01:37 [weiler]

rrsagent, draft minutes

18:01:37 [RRSAgent]

I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler

18:11:48 [jfontana]

jfontana has joined #webauthn

18:13:07 [weiler]

chair: nadalin, jfontana

18:13:09 [weiler]

rrsagent, draft minutes

18:13:09 [RRSAgent]

I have made the request to generate http://www.w3.org/2017/06/21-webauthn-minutes.html weiler

19:13:24 [Zakim]

Zakim has left #webauthn

19:23:45 [weiler]

weiler has joined #webauthn

19:24:21 [weiler_]

weiler_ has joined #webauthn

20:27:36 [weiler_]

weiler_ has joined #webauthn

20:28:47 [weiler__]

weiler__ has joined #webauthn