IRC log of webauthn on 2019-09-11

Timestamps are in UTC.

19:01:48 [RRSAgent]: RRSAgent has joined #webauthn
19:01:48 [RRSAgent]: logging to https://www.w3.org/2019/09/11-webauthn-irc
19:01:51 [Zakim]: Zakim has joined #webauthn
19:01:55 [wseltzer]: rrsagent, make logs public
19:03:08 [elundberg]: elundberg has joined #webauthn
19:03:24 [wseltzer]: present+
19:03:27 [jfontana]: present+
19:03:50 [wseltzer]: wseltzer has changed the topic to: 11 Sept.
19:03:52 [nmooney]: present+ nsteele
19:03:53 [David_Turner]: David_Turner has joined #webauthn
19:04:24 [wseltzer]: Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0100.html
19:04:27 [wseltzer]: present+ nmooney
19:05:13 [wseltzer]: present+ Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin
19:05:25 [wseltzer]: present+ agl, sbweeden
19:06:14 [Rolf]: Rolf has joined #webauthn
19:06:49 [jfontana]: chairs: nadalin, fontana
19:06:55 [jfontana]: scribe: fontana
19:07:03 [wseltzer]: -> TPAC Fukuoka, next week https://www.w3.org/2019/09/TPAC/schedule.html
19:07:44 [wseltzer]: -> WebAuthn schedule for TPAC https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0072.html
19:08:57 [wseltzer]: present+ pasan, selfissued
19:09:39 [jfontana]: tony: also joint meetings with Web Payments and Web Payments Security Interest Group.
19:10:07 [jfontana]: Duo will present on Wednesday un-conference
19:10:30 [jfontana]: tony: anything else on TPAC
19:10:43 [jfontana]: ...if you have updates, send
19:10:54 [jfontana]: ...added time to discuss account recovery
19:11:24 [jbarclay]: jbarclay has joined #webauthn
19:11:37 [jbarclay]: present+
19:13:37 [jfontana]: tony: set on TPAC agenda
19:14:02 [jfontana]: tony: #909 on hold
19:14:30 [jfontana]: tony: moving #909 to WD-03
19:14:46 [jfontana]: https://github.com/w3c/webauthn/pull/1250
19:14:56 [jfontana]: akshay: getting more questions than answers
19:15:07 [jfontana]: ...need to look closer at this.
19:15:19 [jfontana]: ...will finish by TPAC.
19:15:55 [jfontana]: https://github.com/w3c/webauthn/pull/1276
19:15:58 [jfontana]: tony: still blocked
19:16:10 [jfontana]: https://github.com/w3c/webauthn/pull/1298
19:16:17 [jfontana]: elundb erg: need more reviewers
19:16:23 [jfontana]: selfissue: can you help
19:16:27 [jfontana]: ...sure
19:16:47 [jfontana]: tony: it is an editorial
19:17:01 [jfontana]: https://github.com/w3c/webauthn/pull/1299
19:17:25 [jfontana]: tony: akshay will help review
19:17:35 [jfontana]: ...should be just editorial change
19:18:24 [jfontana]: ...at face to face, #1250 #1256 #1298 and #1299 closed
19:18:34 [jfontana]: tony: any questions on PR?
19:18:35 [jfontana]: no
19:18:38 [jfontana]: moving to issues
19:19:10 [jfontana]: tony: jeff do you want to skip all editorials
19:19:19 [jfontana]: jeffH: yes I have 10 and we can skip
19:19:33 [jfontana]: tony: will these make wd-02
19:19:46 [jfontana]: jeffH: more important wok is in cred man
19:19:56 [jfontana]: shane: will these amke wd-02
19:20:24 [jfontana]: tony: want to get to point at TPAC we close open PR and triage what we want in wd-02
19:20:32 [jfontana]: ...close out publice review
19:20:44 [jfontana]: shane: so no target date
19:21:23 [jfontana]: tony: there is, on WD-02. wrap up by end of year. to get to CR, by end of year.
19:21:49 [jfontana]: ...we will need at least 3 drafts, WD's, to feel comfortable with a CR
19:21:59 [jfontana]: akshay: so two more working drafts
19:22:26 [jfontana]: tony: I want a wd-02 after TPAC, then one before holidays, then work toward CR at beginning of year.
19:22:46 [jfontana]: tony: there are some un-triaged issues to handle
19:23:10 [jfontana]: https://github.com/w3c/webauthn/issues/1291
19:23:19 [jfontana]: tony: is ithe wd-2 or 3
19:23:33 [jfontana]: elundberg: yes, i think 3. so of these are vague
19:23:48 [jfontana]: https://github.com/w3c/webauthn/issues/1292
19:24:09 [jfontana]: agl: we are a bit worried about this. if this doesn't align, don't know what that means
19:25:04 [jfontana]: ...i want a PR by TPAC to look at this. want to look at Apple's issues. we can discuss at TPAC
19:25:16 [jfontana]: ...in some form, I will have something by the friday
19:25:16 [jfontana]: T
19:25:21 [jfontana]: tpac meeting
19:25:33 [jfontana]: https://github.com/w3c/webauthn/issues/1293
19:25:57 [jfontana]: agl: unsure of motive on this. think it breaks things
19:26:05 [jfontana]: akshay: what is this?
19:27:28 [jfontana]: agl: there is user gesture. Apple is worried about the outcome of this issue.
19:27:38 [jfontana]: ...android has not said they are worried about this.
19:27:58 [jfontana]: ...they are uncomfortable about this.
19:28:31 [jfontana]: correction: apple is uncomfortable with the issue
19:29:04 [jfontana]: agl: there are cases that will break for us if we did this
19:29:23 [jfontana]: JDJ_Moz: i want to talk to other RPs
19:29:30 [jfontana]: nick: this would break for DUO
19:30:15 [jfontana]: the issue is Requiring user gesture to call WebAuthn API
19:30:27 [jfontana]: tony: this is key to discuss at TPAC
19:30:39 [jfontana]: https://github.com/w3c/webauthn/issues/1294
19:30:48 [jfontana]: tony: some discussion also in FIDO
19:31:00 [jfontana]: akshay: I want to understand the use case.
19:31:18 [jfontana]: agl: I have to leave. read my comments on the bug on Apple issue.
19:31:36 [jfontana]: ...I would not fight them over Lightning.
19:31:51 [jfontana]: jbradley: I am pushing for it, because google wants it in.
19:32:00 [jfontana]: agl: I have not been able to talk to Christiaan
19:32:41 [jfontana]: jeffh: the other thing to note. comment in issue, is hinting that apple differentiation between lightning and other things may go away.
19:32:45 [jfontana]: ...but I am not sure.
19:32:54 [jfontana]: akshay: I will re-read this item.
19:32:58 [jeffh]: present+
19:33:07 [wseltzer]: [agl departs]
19:33:11 [jfontana]: ...have to think about all the OS versions.
19:33:27 [jfontana]: jbradley: we think apple will support w
19:33:43 [jfontana]: web authn on iOS, just when
19:34:08 [jfontana]: jbradley: HID over iOS does not work right now
19:34:16 [jfontana]: tony: no issues other than that.
19:34:41 [jfontana]: jbradley: there are some things we can do to signal to RP
19:34:52 [jfontana]: https://github.com/w3c/webauthn/issues/1296
19:34:57 [jfontana]: tonhy: we will do this face to face.
19:35:05 [jfontana]: ...will this break anybody?
19:35:35 [jfontana]: akshay: we have a mix of authenticators, I would preferto do this in the browser.
19:35:45 [jfontana]: ...we need to clarify.
19:36:20 [jfontana]: tony: we want to make this consistent
19:36:23 [jfontana]: ...this is normative change
19:37:16 [jfontana]: jeffH: try to fix the inconsistencies here.
19:37:56 [jfontana]: tony: akshay you want it handled in thet browsers?
19:38:09 [jfontana]: akshay: that is initial reaction
19:38:25 [jfontana]: jeffH: consider if it is browser job to do truncation
19:38:40 [jfontana]: https://github.com/w3c/webauthn/issues/1297
19:38:55 [jfontana]: shane: think google has more of a vested interest than I do.
19:40:23 [jfontana]: ...I think this can close with no action, but maybe keep it open until Google can comment
19:40:30 [jfontana]: jeffH: yes, google will think about this.
19:42:04 [jfontana]: tony: where do we stand on #1199
19:42:17 [jfontana]: https://github.com/w3c/webauthn/issues/1199
19:42:31 [jfontana]: akshay: it is not clear. not as simple as we thought
19:42:43 [jfontana]: jeffH: move to wd-03 l2
19:42:53 [jfontana]: akshay: yes, this is very tricky
19:43:01 [jfontana]: jeffH: agreed
19:43:19 [jfontana]: tony: what about https://github.com/w3c/webauthn/issues/1285
19:43:29 [jfontana]: tony: does anyone do this today
19:43:32 [jfontana]: akshay: no
19:43:57 [jfontana]: shane: this is one thing I put in my user profiles, but when I thought no browser supported, I thought why do we have it.
19:44:09 [jfontana]: jeffH: i am trying to find my notes. we have discussed.
19:44:27 [jfontana]: nick: could be used by RP on the page
19:44:44 [jfontana]: akshay: is antoher use case with mobile, and if they can show it.
19:44:53 [jfontana]: ...removing is too extreme right tnow
19:45:22 [jfontana]: jeffH: we talked about this yesterday. various ways to approach for fixing
19:45:33 [jfontana]: ...could be draconian, and restrict to data URLs
19:45:46 [jfontana]: ...there are subtle but important consideration.
19:46:18 [jfontana]: elundberg: restricting it to data URLs would restrict to roaming authenticators.
19:46:48 [jfontana]: jeffH: lot going on to get this right. it is under specified or mis-specified
19:47:06 [elundberg]: s/restrict to roaming authenticators/make it practically unusable with limited-hardware authenticators/
19:47:21 [jfontana]: tony: this takes us through all the technical issues we haven
19:47:45 [jfontana]: jeffH: waiting for PR on #1286
19:48:38 [jfontana]: akshay will make a comment in #1286
19:49:01 [jfontana]: wseltzer: we will have dial-in for TPAC
19:49:18 [jfontana]: shane: can you add instructions for that.
19:49:48 [jfontana]: tony: adjourn
19:51:21 [jfontana]: RRSagent, make logs public
19:51:38 [jfontana]: rrsagent, draft minutes
19:51:38 [RRSAgent]: I have made the request to generate https://www.w3.org/2019/09/11-webauthn-minutes.html jfontana
19:52:52 [jfontana]: zakim, list attendees
19:52:52 [Zakim]: As of this point the attendees have been wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan, selfissued,
19:52:55 [Zakim]: ... jbarclay, jeffh
19:53:27 [jfontana]: rrsagent, draft minutes
19:53:27 [RRSAgent]: I have made the request to generate https://www.w3.org/2019/09/11-webauthn-minutes.html jfontana
19:54:04 [jfontana]: zakim, bye
19:54:04 [Zakim]: leaving. As of this point the attendees have been wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan,
19:54:04 [Zakim]: Zakim has left #webauthn
19:54:07 [Zakim]: ... selfissued, jbarclay, jeffh
19:54:23 [jfontana]: rrsagent, bye
19:54:23 [RRSAgent]: I see no action items