IRC log of webauthn on 2017-08-09
Timestamps are in UTC.
- 16:39:35 [RRSAgent]
- RRSAgent has joined #webauthn
- 16:39:35 [RRSAgent]
- logging to http://www.w3.org/2017/08/09-webauthn-irc
- 16:39:37 [trackbot]
- RRSAgent, make logs public
- 16:39:37 [Zakim]
- Zakim has joined #webauthn
- 16:39:39 [trackbot]
- Zakim, this will be
- 16:39:39 [Zakim]
- I don't understand 'this will be', trackbot
- 16:39:40 [trackbot]
- Meeting: Web Authentication Working Group Teleconference
- 16:39:40 [trackbot]
- Date: 09 August 2017
- 16:40:02 [weiler]
- present?
- 16:40:06 [weiler]
- present+
- 16:45:58 [weiler]
- present+ jbradley
- 16:53:45 [dmitriz]
- dmitriz has joined #webauthn
- 16:54:48 [Jbradley_]
- Jbradley_ has joined #Webauthn
- 16:55:58 [wseltzer]
- present+
- 16:56:07 [dmitriz]
- present+
- 17:00:22 [jcj_moz]
- present+
- 17:01:27 [jeffh]
- jeffh has joined #webauthn
- 17:02:17 [kpaulh]
- kpaulh has joined #webauthn
- 17:02:34 [weiler]
- present+ kpaulh, AkshayKumar, jfontana, nadalin
- 17:02:58 [selfissued]
- selfissued has joined #webauthn
- 17:03:13 [selfissued]
- present+
- 17:03:26 [apowers]
- apowers has joined #webauthn
- 17:04:00 [weiler]
- present+ jeffh
- 17:04:12 [jeffh]
- present+ jeffh
- 17:04:26 [jyasskin]
- present+
- 17:05:11 [CR01]
- CR01 has joined #webauthn
- 17:05:26 [weiler]
- present+ ChristiaanBrand
- 17:06:47 [weiler]
- present+ angelo, apowers, rolf
- 17:07:09 [angelo]
- angelo has joined #webauthn
- 17:08:52 [wseltzer]
- https://github.com/w3c/webauthn/issues/527
- 17:13:47 [CR01]
- slightlyoff: making isPlatformAuthenticatorAvailable an attribute doesn't work as it cannot have UI then.
- 17:15:02 [angelo]
- There is very little controversy around isPlatformAuthenticatorReady.
- 17:16:35 [jeffh]
- s/slightlyoff/selfissued/
- 17:16:56 [CR01]
- Thanks.
- 17:17:01 [jeffh]
- sorry, there's a fair bit of controversy re how isPlatformAuthenticatorReady is specified
- 17:17:49 [CR01]
- not resolving a promise doesn't seem to be a good approach
- 17:18:10 [angelo]
- Sorry I am getting caught up on the scribe
- 17:18:28 [CR01]
- proposal: merge 523 and fix the example
- 17:18:37 [angelo]
- Kim: I am in agreement with resolving https://github.com/w3c/webauthn/pull/523
- 17:18:54 [angelo]
- JC: I am in agreement with https://github.com/w3c/webauthn/pull/523
- 17:19:37 [angelo]
- JeffH: 523 isn't too well written.
- 17:19:46 [angelo]
- Tony: Mike, can you take a look at the grammar issue
- 17:20:02 [CR01]
- Close but don't merge 528
- 17:20:02 [angelo]
- Mike: I will take a look at the grammar side.
- 17:20:43 [angelo]
- We will close https://github.com/w3c/webauthn/pull/528.
- 17:21:15 [angelo]
- We're looking at https://github.com/w3c/webauthn/pull/525
- 17:21:28 [Ketan]
- Ketan has joined #webauthn
- 17:22:17 [angelo]
- 525 registers numbers for the 3 RSA signature algorithms instead of strings
- 17:22:34 [angelo]
- In 525, one of the algorithms becomes -255
- 17:23:08 [angelo]
- JeffH: I haven't read the PR yet but I count on MikeJones who is the expert on the COSE and IANA registry
- 17:24:20 [angelo]
- JeffH: In a PR that was recently merged, we changed algorithm identifier from WebCrypto identifiers to typedef identifiers
- 17:24:49 [angelo]
- In the COSE spec, you are allowed to use either a small integer or a small string to register algorithms
- 17:25:17 [angelo]
- MikeJ: I agree there's a testing thing with using strings
- 17:27:12 [angelo]
- John: I am generally supportive of making strings into integers
- 17:28:15 [angelo]
- JC: Are we adding constants? Would browsers have to handle it?
- 17:28:49 [angelo]
- MikeJ: we probably want to do that in the future
- 17:29:17 [angelo]
- Tony: everyone seems in agreement with merging 525
- 17:30:14 [angelo]
- After the two PRs (https://github.com/w3c/webauthn/pull/525 and https://github.com/w3c/webauthn/pull/528), I will start publishing WD06
- 17:30:30 [angelo]
- We're starting to look at WD07
- 17:31:06 [angelo]
- We are looking at https://github.com/w3c/webauthn/pull/498, which is a pull request for WD07
- 17:31:27 [angelo]
- Tony: I am wondering whether it would make it into WD07
- 17:32:05 [angelo]
- JeffH: Yes, I believe so. There's a standing PR on CredMan.
- 17:32:42 [angelo]
- 498 is a possible breaking change
- 17:33:31 [angelo]
- JC: I am not sure if this is a breaking change.
- 17:33:32 [jeffh]
- jeffh: folks have had to already workaround/address the issues in pr #489 and credman
- 17:34:49 [angelo]
- jc: oh yeah there's an old conversation around whether we want to make it a valid domain or an origin.
- 17:36:35 [angelo]
- Angelo: I will take a closer look at 489 later this week.
- 17:37:00 [jfontana]
- jfontana has joined #webauthn
- 17:37:24 [CR01]
- all 498 not 489?
- 17:38:21 [jeffh]
- above discussion wrt PR #498
- 17:38:39 [jeffh]
- angelo: now issues discussion - want to discuss issue #458
- 17:39:20 [jeffh]
- angelo: domains change on web or are nominally equivalent from the perspective of the domains admins eg google.com and youtube.com
- 17:41:04 [angelo]
- angelo: I am hoping people can propose ideas to help address problems in 458
- 17:41:29 [CR01]
- Digital Asset Links (https://developers.google.com/digital-asset-links/v1/getting-started) are similar to original FIDO TrustedFacets lists.
- 17:41:45 [angelo]
- JeffH: In the U2F and UAF era, we didn't want to do federal identity management
- 17:42:05 [CR01]
- FIDO decided at that time to stay out of federation - and hence do not allow credentials to be shared across domains.
- 17:43:03 [angelo]
- JeffH: if one of the implementers wants to do something for their special deployment, that's fine. But the problem is how we want to standardize in W3C
- 17:43:43 [angelo]
- JeffH: the user of digital asset links is also not available on the credman spec but only with Chrome's implementation.
- 17:43:45 [jyasskin]
- 1+
- 17:43:47 [jyasskin]
- q+
- 17:44:37 [angelo]
- Before, people's favored solution has been to use federation.
- 17:46:29 [CR01]
- small companies sometimes prefer a more lightweight method than federation
- 17:47:34 [jeffh]
- jyasskin: olddomain.com has creds there, visit newdomain.com, get redirected to olddomain.com, get cred, then redirect back to newdomain.com
- 17:48:23 [jyasskin]
- q-
- 17:48:36 [angelo]
- One of the possible solutions is to use OpenID Connect.
- 17:48:56 [jeffh]
- angelo: <relates use case(s) where using federation to address domain changes is troublesome>
- 17:49:19 [dmitriz]
- dmitriz has joined #webauthn
- 17:49:39 [jeffh]
- jbradley: in fed world have seen use of federation to address these cases. tho have had discussions with google about a priori mapping of domains....
- 17:49:41 [angelo]
- Another challenge is if IDPs themselves decide to change their domain
- 17:49:49 [angelo]
- Another challenge is if IDPs themselves decide to change their own domains
- 17:49:57 [jeffh]
- christiaan: sounds like a federation issue to me
- 17:51:49 [jeffh]
- angelo: foo.com federates to login.live.com, bar.com feds with google.com, but same IDP controls both, want to merge everything into one domain. dont want old domains to remain and confuse users. so eventually have live.com to point to the right place.
- 17:56:45 [wseltzer]
- https://github.com/w3c/webauthn/issues/458
- 17:56:58 [angelo]
- Perhaps we can talk about this another day. Federation seems to be the common issue here.
- 17:58:01 [angelo]
- I am not a fan of digital asset links myself but I was hoping someone can propose some ideas that could work better than those
- 18:01:07 [angelo]
- Akshay created a PR in FIDO-2 world to address CTAP and U2F compat
- 18:01:42 [angelo]
- MikeJ: The intention for that PR is to address the compat. Other folks on the call who are also part of that WG should review this.
- 18:03:43 [angelo]
- In the WebAuthn spec, the authenticator model is very hand-wavy. The CTAP spec has the concrete model.
- 18:04:08 [angelo]
- JC: why do I have to look at WebAuthn?
- 18:04:30 [angelo]
- The CTAP WG and U2F WG are merged together.
- 18:04:58 [angelo]
- jc: I am just worried I may have implemented the wrong thing.
- 18:06:14 [angelo]
- JeffH: that's not well thought out yet. Having the implementers writing code would help work this through.
- 18:09:05 [wseltzer]
- rrsagent, draft minutes
- 18:09:05 [RRSAgent]
- I have made the request to generate http://www.w3.org/2017/08/09-webauthn-minutes.html wseltzer
- 18:09:14 [wseltzer]
- rrsagent, make logs public
- 18:09:19 [wseltzer]
- rrsagent, draft minutes
- 18:09:19 [RRSAgent]
- I have made the request to generate http://www.w3.org/2017/08/09-webauthn-minutes.html wseltzer
- 18:09:46 [wseltzer]
- Chairs: nadalin, jfontana
- 18:09:48 [wseltzer]
- rrsagent, draft minutes
- 18:09:48 [RRSAgent]
- I have made the request to generate http://www.w3.org/2017/08/09-webauthn-minutes.html wseltzer
- 19:53:14 [weiler]
- weiler has joined #webauthn
- 22:04:14 [Zakim]
- Zakim has left #webauthn