IRC log of webauthn on 2019-09-04

Timestamps are in UTC.

17:32:25 [RRSAgent]: RRSAgent has joined #webauthn
17:32:25 [RRSAgent]: logging to https://www.w3.org/2019/09/04-webauthn-irc
17:32:29 [wseltzer]: rrsagent, make logs public
17:32:32 [Zakim]: Zakim has joined #webauthn
17:32:38 [wseltzer]: Meeting: Web Authentication WG
17:32:49 [wseltzer]: wseltzer has changed the topic to: 4 Sept WebAuthn
19:00:30 [elundberg]: elundberg has joined #webauthn
19:00:33 [Ketan]: Ketan has joined #webauthn
19:00:57 [sbweeden]: sbweeden has joined #webauthn
19:01:50 [jfontana]: jfontana has joined #webauthn
19:03:12 [jfontana]: 04 09 2019
19:04:05 [Rolf]: Rolf has joined #webauthn
19:04:50 [jfontana]: tony: One more meeting, then two skips. 18th, 25th
19:04:55 [jfontana]: ...status of charter changes.
19:05:03 [wseltzer]: regrets+ wseltzer
19:05:16 [jfontana]: ...it is out for review by AC reps. we are extended to 30th of Oct.
19:05:24 [jfontana]: ...this allows charter process to run its course.
19:05:54 [jfontana]: ...vote to approve the charter if yo are AC rep
19:06:26 [jfontana]: ..any questions on TPAC agenda, please post to list
19:06:34 [jfontana]: ...if you are in Japan, you can join.
19:06:55 [jfontana]: ...if you have any adds to agenda send to Tony. demos, etc, Sign up for meeting.
19:07:21 [jfontana]: ...couple of invited guests have been approved.
19:08:29 [jfontana]: https://github.com/w3c/webauthn/pull/653
19:08:38 [jfontana]: tony: won't go over.
19:08:52 [jfontana]: https://github.com/w3c/webauthn/pull/909
19:09:12 [jfontana]: skip
19:09:31 [jfontana]: https://github.com/w3c/webauthn/pull/1250
19:09:38 [jfontana]: tony: need akshay to review
19:09:42 [jfontana]: akshay: yes
19:10:15 [jfontana]: https://github.com/w3c/webauthn/pull/1256
19:10:26 [jfontana]: tony: nina you won't be in Japan
19:10:50 [jfontana]: ...this will come up at face to face
19:10:54 [jfontana]: nina: I won't be there.
19:11:03 [jfontana]: tony: jeffH can you represent
19:11:06 [jfontana]: jeffH: yes.
19:11:22 [jfontana]: tony: akshay, need to push to close by before or during face to face
19:11:28 [jfontana]: akshay: I will do it
19:11:38 [jfontana]: tony: agl have you signed off.
19:11:44 [jfontana]: ...please look at it before face to face
19:11:51 [jfontana]: ...jeffH has approved.
19:12:16 [jfontana]: agl: if nina thinks this is good, I think it is good.
19:12:23 [jfontana]: tony: put that on reviewer list
19:12:40 [jfontana]: https://github.com/w3c/webauthn/pull/1270
19:12:43 [jfontana]: tony: ready to go?
19:13:02 [jfontana]: elundberg: not ready. JeffH has some comments
19:13:18 [jfontana]: jeffH: it will be fine. work in my comments
19:13:26 [jfontana]: ...I am putting it on elundberg
19:13:44 [jfontana]: tony: elundberg, please look at this one.
19:13:54 [jfontana]: elundberg: OK
19:14:14 [jfontana]: ...only thing is term bootstrap. we could merge and continue that discussion later
19:14:31 [jfontana]: jeffH; some editorial. but thanks for the other clean-up
19:14:41 [jfontana]: ...it improves issues #344
19:15:09 [jfontana]: elundberg: we could merge this now.
19:15:40 [jfontana]: jeffH: later clean-up is fine
19:15:59 [jfontana]: elundberg: I will merge
19:16:20 [jfontana]: https://github.com/w3c/webauthn/pull/1276
19:16:44 [jfontana]: tony: this needs additional reveiw
19:16:51 [jfontana]: akshay: I need more detail
19:16:59 [jfontana]: jeffH: further changes needed in Cred Man
19:17:08 [jfontana]: ...I will shoot to finish before TPAC
19:17:30 [jfontana]: ...this helps cross origin I-frames via feature policyt
19:18:07 [jfontana]: ...real meat will be in cred man spec
19:18:15 [jfontana]: tony: how will the RPs know what to do
19:18:48 [jfontana]: jeffH: way feature policy works, there is default allow list. this is same origin as ancestors by default
19:18:59 [jfontana]: ...does not changing exisiting default behavior
19:19:26 [jfontana]: ...but somebody could explicitly engage cross origin I-frame
19:19:38 [jfontana]: ...boolean will be true
19:20:04 [jfontana]: tony: how will RPs know what to look for
19:20:10 [jfontana]: jeffH: it will be in the spec
19:20:17 [jfontana]: ...it covers RPs
19:20:38 [jfontana]: ...we are making changes from level 1. we should explian how it works.
19:20:44 [jfontana]: ...as opposed to level 1
19:21:11 [jfontana]: jbradley: this should only effect people who have turned it on.
19:21:21 [jfontana]: https://github.com/w3c/webauthn/pull/1284
19:21:26 [jfontana]: tony: still in progress. no review
19:21:48 [jfontana]: jeffh: real simple. a small change
19:22:07 [jfontana]: ...i landed the change in feature policy world, in terms of list of defined feature policies.
19:22:27 [jfontana]: agl: this should be able to land now
19:22:33 [jfontana]: ...please review
19:22:45 [jfontana]: akshay: looks good to me. I signed off on itt.
19:23:34 [jfontana]: https://github.com/w3c/webauthn/pull/1288
19:23:44 [jfontana]: elundberg: any objections to merging?
19:23:55 [jfontana]: tony: jeff H and akshay have approved.
19:24:16 [jfontana]: https://github.com/w3c/webauthn/pull/1289
19:25:58 [jfontana]: agl: part of the steps need to remain.
19:26:13 [jfontana]: ...you should stop and think about extensions
19:26:23 [jfontana]: ...this change seems fine.
19:26:49 [jfontana]: shane: do you have proposal for more words
19:27:24 [jfontana]: agl: perhaps a note, add info. about extension actions.
19:27:34 [jfontana]: shane: I can add something like that
19:27:48 [jfontana]: tony: but this will be change in behavoir. willit break
19:28:03 [jfontana]: elundberg: will they have to accept extensions they don't know about.
19:28:16 [jfontana]: ...but extension note is given, should they accept it?
19:28:39 [jfontana]: shane: the whole point. could the RP open or fail closed.
19:28:47 [jfontana]: ...practical use that it should not always do that.
19:28:58 [jfontana]: elundberg: these are probably well known extensions
19:29:11 [jfontana]: shane: no one knows cred protect. it is not public yet.
19:29:52 [jfontana]: ...what is right answer here. maybe it should not be injected.
19:30:13 [jfontana]: DWaite: our RP had issue with this.
19:30:37 [jfontana]: ...we were saying it was not compatible with new YubiKeys, but it was browser issue with compliance
19:30:50 [jfontana]: ...it is an extension, that RP don't understand this now.
19:30:59 [jfontana]: ...RPs don't seem to have the knowledge.
19:31:10 [jfontana]: agl: this is why we are doing this chamnge
19:31:24 [jfontana]: tony: shane, do you have what you need.
19:31:31 [jfontana]: shane: need approvers
19:31:45 [jfontana]: tony: agl, jeffH, elundberg on the list
19:31:52 [jfontana]: alexei: If I may...
19:32:35 [jfontana]: ...related questions. arbitrary extensions from authenticators, is this still a thing. I thought we didn't want this.
19:32:39 [jfontana]: jbradley: chrome added it
19:33:12 [jfontana]: agl: this was about what was rejected. if it is problem we could change our stance.
19:34:30 [jfontana]: jbradley: i suspect that we want to allow the user to have control via browser or authenticator
19:35:29 [jfontana]: akshay: can we reject these things. I would say let it play out and see what happens.
19:36:00 [jfontana]: jbradley: I don't know of any scenarioes now, but maybe down the road.
19:36:39 [jfontana]: ...the concern for RP, if extension that meanings are different and it changes security context
19:37:17 [jfontana]: ...I think this is pretty low risk.
19:37:38 [jfontana]: akshay: ultimately it is for the RP to decide.
19:37:56 [jfontana]: ...should be case by case basis
19:38:12 [jfontana]: shane: another example may be cred ??? extension
19:38:29 [jfontana]: ...cred prop
19:38:53 [jfontana]: ..cred props. new to level 2. deals with resident keys
19:39:25 [jfontana]: akshay: looks like we have different points of view for different scenarioes.
19:40:44 [jfontana]: shane: all add note and see if reviewers can approve or not.
19:40:54 [jfontana]: tony: akshay, take a second look.
19:40:57 [jfontana]: akshay: yes.
19:42:15 [jfontana]: moving to issues
19:42:49 [jfontana]: #1282 lcosed
19:42:59 [jfontana]: #1283 closed
19:43:23 [jfontana]: https://github.com/w3c/webauthn/issues/1285
19:43:34 [jfontana]: agl: still some conversation
19:43:41 [jfontana]: tony: this is not ready yet.
19:43:46 [ignaloidas]: ignaloidas has joined #webauthn
19:44:29 [jfontana]: akshay: does not seem anyone is using icons at this time
19:44:50 [jfontana]: agl: we do not store icons on authenticator
19:45:22 [jfontana]: ...expectation some authenticators will be larger, maybe then can store data URLs, not yet.
19:45:33 [jfontana]: jeffH: like built-in platform authenticators
19:45:40 [Zakim]: Zakim has left #webauthn
19:45:58 [jfontana]: thttps://github.com/w3c/webauthn/issues/1286
19:46:28 [jfontana]: akshay: look at it before TPAC
19:46:36 [jfontana]: tony: any open issues for discussion.
19:46:49 [jfontana]: ...any questions, concerns, updates.
19:47:33 [jfontana]: ...at TPAC, we will look at issues for WD-02. we may have to react before all the editorial ones land
19:47:45 [jfontana]: jeffH: the list is going to change between now and TPAC
19:47:55 [jfontana]: tony: that is todayt's agenda.
19:48:23 [jfontana]: ...OK, meeting next week, then off for two weeks on call (TPAC starts on Sept. 16)
19:48:56 [jfontana]: rrsagent, make logs public
19:49:10 [jfontana]: rrsagent, draft minutes
19:49:10 [RRSAgent]: I have made the request to generate https://www.w3.org/2019/09/04-webauthn-minutes.html jfontana
19:49:40 [jfontana]: chairs: Nadalin, Fontana
19:50:02 [jfontana]: Date 04 09 2019
19:50:23 [jfontana]: rrsagent, list attendees
19:50:23 [RRSAgent]: I'm logging. I don't understand 'list attendees', jfontana. Try /msg RRSAgent help
19:50:54 [jfontana]: rrsagent, attendees
19:50:54 [RRSAgent]: I'm logging. I don't understand 'attendees', jfontana. Try /msg RRSAgent help
19:51:08 [jfontana]: rrsagent, draft minutes
19:51:08 [RRSAgent]: I have made the request to generate https://www.w3.org/2019/09/04-webauthn-minutes.html jfontana
19:51:55 [jfontana]: zakim, list attendees
20:45:01 [wseltzer]: zakim, who is here?
21:34:18 [L2WD02]: L2WD02 has joined #webauthn
21:45:37 [jbarclay]: jbarclay has joined #webauthn
23:01:43 [ignaloidas]: ignaloidas has joined #webauthn