IRC log of webauthn on 2019-09-04
Timestamps are in UTC.
- 17:32:25 [RRSAgent]
- RRSAgent has joined #webauthn
- 17:32:25 [RRSAgent]
- logging to https://www.w3.org/2019/09/04-webauthn-irc
- 17:32:29 [wseltzer]
- rrsagent, make logs public
- 17:32:32 [Zakim]
- Zakim has joined #webauthn
- 17:32:38 [wseltzer]
- Meeting: Web Authentication WG
- 17:32:49 [wseltzer]
- wseltzer has changed the topic to: 4 Sept WebAuthn
- 19:00:30 [elundberg]
- elundberg has joined #webauthn
- 19:00:33 [Ketan]
- Ketan has joined #webauthn
- 19:00:57 [sbweeden]
- sbweeden has joined #webauthn
- 19:01:50 [jfontana]
- jfontana has joined #webauthn
- 19:03:12 [jfontana]
- 04 09 2019
- 19:04:05 [Rolf]
- Rolf has joined #webauthn
- 19:04:50 [jfontana]
- tony: One more meeting, then two skips. 18th, 25th
- 19:04:55 [jfontana]
- ...status of charter changes.
- 19:05:03 [wseltzer]
- regrets+ wseltzer
- 19:05:16 [jfontana]
- ...it is out for review by AC reps. we are extended to 30th of Oct.
- 19:05:24 [jfontana]
- ...this allows charter process to run its course.
- 19:05:54 [jfontana]
- ...vote to approve the charter if yo are AC rep
- 19:06:26 [jfontana]
- ..any questions on TPAC agenda, please post to list
- 19:06:34 [jfontana]
- ...if you are in Japan, you can join.
- 19:06:55 [jfontana]
- ...if you have any adds to agenda send to Tony. demos, etc, Sign up for meeting.
- 19:07:21 [jfontana]
- ...couple of invited guests have been approved.
- 19:08:29 [jfontana]
- https://github.com/w3c/webauthn/pull/653
- 19:08:38 [jfontana]
- tony: won't go over.
- 19:08:52 [jfontana]
- https://github.com/w3c/webauthn/pull/909
- 19:09:12 [jfontana]
- skip
- 19:09:31 [jfontana]
- https://github.com/w3c/webauthn/pull/1250
- 19:09:38 [jfontana]
- tony: need akshay to review
- 19:09:42 [jfontana]
- akshay: yes
- 19:10:15 [jfontana]
- https://github.com/w3c/webauthn/pull/1256
- 19:10:26 [jfontana]
- tony: nina you won't be in Japan
- 19:10:50 [jfontana]
- ...this will come up at face to face
- 19:10:54 [jfontana]
- nina: I won't be there.
- 19:11:03 [jfontana]
- tony: jeffH can you represent
- 19:11:06 [jfontana]
- jeffH: yes.
- 19:11:22 [jfontana]
- tony: akshay, need to push to close by before or during face to face
- 19:11:28 [jfontana]
- akshay: I will do it
- 19:11:38 [jfontana]
- tony: agl have you signed off.
- 19:11:44 [jfontana]
- ...please look at it before face to face
- 19:11:51 [jfontana]
- ...jeffH has approved.
- 19:12:16 [jfontana]
- agl: if nina thinks this is good, I think it is good.
- 19:12:23 [jfontana]
- tony: put that on reviewer list
- 19:12:40 [jfontana]
- https://github.com/w3c/webauthn/pull/1270
- 19:12:43 [jfontana]
- tony: ready to go?
- 19:13:02 [jfontana]
- elundberg: not ready. JeffH has some comments
- 19:13:18 [jfontana]
- jeffH: it will be fine. work in my comments
- 19:13:26 [jfontana]
- ...I am putting it on elundberg
- 19:13:44 [jfontana]
- tony: elundberg, please look at this one.
- 19:13:54 [jfontana]
- elundberg: OK
- 19:14:14 [jfontana]
- ...only thing is term bootstrap. we could merge and continue that discussion later
- 19:14:31 [jfontana]
- jeffH; some editorial. but thanks for the other clean-up
- 19:14:41 [jfontana]
- ...it improves issues #344
- 19:15:09 [jfontana]
- elundberg: we could merge this now.
- 19:15:40 [jfontana]
- jeffH: later clean-up is fine
- 19:15:59 [jfontana]
- elundberg: I will merge
- 19:16:20 [jfontana]
- https://github.com/w3c/webauthn/pull/1276
- 19:16:44 [jfontana]
- tony: this needs additional reveiw
- 19:16:51 [jfontana]
- akshay: I need more detail
- 19:16:59 [jfontana]
- jeffH: further changes needed in Cred Man
- 19:17:08 [jfontana]
- ...I will shoot to finish before TPAC
- 19:17:30 [jfontana]
- ...this helps cross origin I-frames via feature policyt
- 19:18:07 [jfontana]
- ...real meat will be in cred man spec
- 19:18:15 [jfontana]
- tony: how will the RPs know what to do
- 19:18:48 [jfontana]
- jeffH: way feature policy works, there is default allow list. this is same origin as ancestors by default
- 19:18:59 [jfontana]
- ...does not changing exisiting default behavior
- 19:19:26 [jfontana]
- ...but somebody could explicitly engage cross origin I-frame
- 19:19:38 [jfontana]
- ...boolean will be true
- 19:20:04 [jfontana]
- tony: how will RPs know what to look for
- 19:20:10 [jfontana]
- jeffH: it will be in the spec
- 19:20:17 [jfontana]
- ...it covers RPs
- 19:20:38 [jfontana]
- ...we are making changes from level 1. we should explian how it works.
- 19:20:44 [jfontana]
- ...as opposed to level 1
- 19:21:11 [jfontana]
- jbradley: this should only effect people who have turned it on.
- 19:21:21 [jfontana]
- https://github.com/w3c/webauthn/pull/1284
- 19:21:26 [jfontana]
- tony: still in progress. no review
- 19:21:48 [jfontana]
- jeffh: real simple. a small change
- 19:22:07 [jfontana]
- ...i landed the change in feature policy world, in terms of list of defined feature policies.
- 19:22:27 [jfontana]
- agl: this should be able to land now
- 19:22:33 [jfontana]
- ...please review
- 19:22:45 [jfontana]
- akshay: looks good to me. I signed off on itt.
- 19:23:34 [jfontana]
- https://github.com/w3c/webauthn/pull/1288
- 19:23:44 [jfontana]
- elundberg: any objections to merging?
- 19:23:55 [jfontana]
- tony: jeff H and akshay have approved.
- 19:24:16 [jfontana]
- https://github.com/w3c/webauthn/pull/1289
- 19:25:58 [jfontana]
- agl: part of the steps need to remain.
- 19:26:13 [jfontana]
- ...you should stop and think about extensions
- 19:26:23 [jfontana]
- ...this change seems fine.
- 19:26:49 [jfontana]
- shane: do you have proposal for more words
- 19:27:24 [jfontana]
- agl: perhaps a note, add info. about extension actions.
- 19:27:34 [jfontana]
- shane: I can add something like that
- 19:27:48 [jfontana]
- tony: but this will be change in behavoir. willit break
- 19:28:03 [jfontana]
- elundberg: will they have to accept extensions they don't know about.
- 19:28:16 [jfontana]
- ...but extension note is given, should they accept it?
- 19:28:39 [jfontana]
- shane: the whole point. could the RP open or fail closed.
- 19:28:47 [jfontana]
- ...practical use that it should not always do that.
- 19:28:58 [jfontana]
- elundberg: these are probably well known extensions
- 19:29:11 [jfontana]
- shane: no one knows cred protect. it is not public yet.
- 19:29:52 [jfontana]
- ...what is right answer here. maybe it should not be injected.
- 19:30:13 [jfontana]
- DWaite: our RP had issue with this.
- 19:30:37 [jfontana]
- ...we were saying it was not compatible with new YubiKeys, but it was browser issue with compliance
- 19:30:50 [jfontana]
- ...it is an extension, that RP don't understand this now.
- 19:30:59 [jfontana]
- ...RPs don't seem to have the knowledge.
- 19:31:10 [jfontana]
- agl: this is why we are doing this chamnge
- 19:31:24 [jfontana]
- tony: shane, do you have what you need.
- 19:31:31 [jfontana]
- shane: need approvers
- 19:31:45 [jfontana]
- tony: agl, jeffH, elundberg on the list
- 19:31:52 [jfontana]
- alexei: If I may...
- 19:32:35 [jfontana]
- ...related questions. arbitrary extensions from authenticators, is this still a thing. I thought we didn't want this.
- 19:32:39 [jfontana]
- jbradley: chrome added it
- 19:33:12 [jfontana]
- agl: this was about what was rejected. if it is problem we could change our stance.
- 19:34:30 [jfontana]
- jbradley: i suspect that we want to allow the user to have control via browser or authenticator
- 19:35:29 [jfontana]
- akshay: can we reject these things. I would say let it play out and see what happens.
- 19:36:00 [jfontana]
- jbradley: I don't know of any scenarioes now, but maybe down the road.
- 19:36:39 [jfontana]
- ...the concern for RP, if extension that meanings are different and it changes security context
- 19:37:17 [jfontana]
- ...I think this is pretty low risk.
- 19:37:38 [jfontana]
- akshay: ultimately it is for the RP to decide.
- 19:37:56 [jfontana]
- ...should be case by case basis
- 19:38:12 [jfontana]
- shane: another example may be cred ??? extension
- 19:38:29 [jfontana]
- ...cred prop
- 19:38:53 [jfontana]
- ..cred props. new to level 2. deals with resident keys
- 19:39:25 [jfontana]
- akshay: looks like we have different points of view for different scenarioes.
- 19:40:44 [jfontana]
- shane: all add note and see if reviewers can approve or not.
- 19:40:54 [jfontana]
- tony: akshay, take a second look.
- 19:40:57 [jfontana]
- akshay: yes.
- 19:42:15 [jfontana]
- moving to issues
- 19:42:49 [jfontana]
- #1282 lcosed
- 19:42:59 [jfontana]
- #1283 closed
- 19:43:23 [jfontana]
- https://github.com/w3c/webauthn/issues/1285
- 19:43:34 [jfontana]
- agl: still some conversation
- 19:43:41 [jfontana]
- tony: this is not ready yet.
- 19:43:46 [ignaloidas]
- ignaloidas has joined #webauthn
- 19:44:29 [jfontana]
- akshay: does not seem anyone is using icons at this time
- 19:44:50 [jfontana]
- agl: we do not store icons on authenticator
- 19:45:22 [jfontana]
- ...expectation some authenticators will be larger, maybe then can store data URLs, not yet.
- 19:45:33 [jfontana]
- jeffH: like built-in platform authenticators
- 19:45:40 [Zakim]
- Zakim has left #webauthn
- 19:45:58 [jfontana]
- thttps://github.com/w3c/webauthn/issues/1286
- 19:46:28 [jfontana]
- akshay: look at it before TPAC
- 19:46:36 [jfontana]
- tony: any open issues for discussion.
- 19:46:49 [jfontana]
- ...any questions, concerns, updates.
- 19:47:33 [jfontana]
- ...at TPAC, we will look at issues for WD-02. we may have to react before all the editorial ones land
- 19:47:45 [jfontana]
- jeffH: the list is going to change between now and TPAC
- 19:47:55 [jfontana]
- tony: that is todayt's agenda.
- 19:48:23 [jfontana]
- ...OK, meeting next week, then off for two weeks on call (TPAC starts on Sept. 16)
- 19:48:56 [jfontana]
- rrsagent, make logs public
- 19:49:10 [jfontana]
- rrsagent, draft minutes
- 19:49:10 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/04-webauthn-minutes.html jfontana
- 19:49:40 [jfontana]
- chairs: Nadalin, Fontana
- 19:50:02 [jfontana]
- Date 04 09 2019
- 19:50:23 [jfontana]
- rrsagent, list attendees
- 19:50:23 [RRSAgent]
- I'm logging. I don't understand 'list attendees', jfontana. Try /msg RRSAgent help
- 19:50:54 [jfontana]
- rrsagent, attendees
- 19:50:54 [RRSAgent]
- I'm logging. I don't understand 'attendees', jfontana. Try /msg RRSAgent help
- 19:51:08 [jfontana]
- rrsagent, draft minutes
- 19:51:08 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/04-webauthn-minutes.html jfontana
- 19:51:55 [jfontana]
- zakim, list attendees
- 20:45:01 [wseltzer]
- zakim, who is here?
- 21:34:18 [L2WD02]
- L2WD02 has joined #webauthn
- 21:45:37 [jbarclay]
- jbarclay has joined #webauthn
- 23:01:43 [ignaloidas]
- ignaloidas has joined #webauthn