IRC log of webauthn on 2019-09-11
Timestamps are in UTC.
- 19:01:48 [RRSAgent]
- RRSAgent has joined #webauthn
- 19:01:48 [RRSAgent]
- logging to https://www.w3.org/2019/09/11-webauthn-irc
- 19:01:51 [Zakim]
- Zakim has joined #webauthn
- 19:01:55 [wseltzer]
- rrsagent, make logs public
- 19:03:08 [elundberg]
- elundberg has joined #webauthn
- 19:03:24 [wseltzer]
- present+
- 19:03:27 [jfontana]
- present+
- 19:03:50 [wseltzer]
- wseltzer has changed the topic to: 11 Sept.
- 19:03:52 [nmooney]
- present+ nsteele
- 19:03:53 [David_Turner]
- David_Turner has joined #webauthn
- 19:04:24 [wseltzer]
- Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0100.html
- 19:04:27 [wseltzer]
- present+ nmooney
- 19:05:13 [wseltzer]
- present+ Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin
- 19:05:25 [wseltzer]
- present+ agl, sbweeden
- 19:06:14 [Rolf]
- Rolf has joined #webauthn
- 19:06:49 [jfontana]
- chairs: nadalin, fontana
- 19:06:55 [jfontana]
- scribe: fontana
- 19:07:03 [wseltzer]
- -> TPAC Fukuoka, next week https://www.w3.org/2019/09/TPAC/schedule.html
- 19:07:44 [wseltzer]
- -> WebAuthn schedule for TPAC https://lists.w3.org/Archives/Public/public-webauthn/2019Sep/0072.html
- 19:08:57 [wseltzer]
- present+ pasan, selfissued
- 19:09:39 [jfontana]
- tony: also joint meetings with Web Payments and Web Payments Security Interest Group.
- 19:10:07 [jfontana]
- Duo will present on Wednesday un-conference
- 19:10:30 [jfontana]
- tony: anything else on TPAC
- 19:10:43 [jfontana]
- ...if you have updates, send
- 19:10:54 [jfontana]
- ...added time to discuss account recovery
- 19:11:24 [jbarclay]
- jbarclay has joined #webauthn
- 19:11:37 [jbarclay]
- present+
- 19:13:37 [jfontana]
- tony: set on TPAC agenda
- 19:14:02 [jfontana]
- tony: #909 on hold
- 19:14:30 [jfontana]
- tony: moving #909 to WD-03
- 19:14:46 [jfontana]
- https://github.com/w3c/webauthn/pull/1250
- 19:14:56 [jfontana]
- akshay: getting more questions than answers
- 19:15:07 [jfontana]
- ...need to look closer at this.
- 19:15:19 [jfontana]
- ...will finish by TPAC.
- 19:15:55 [jfontana]
- https://github.com/w3c/webauthn/pull/1276
- 19:15:58 [jfontana]
- tony: still blocked
- 19:16:10 [jfontana]
- https://github.com/w3c/webauthn/pull/1298
- 19:16:17 [jfontana]
- elundb erg: need more reviewers
- 19:16:23 [jfontana]
- selfissue: can you help
- 19:16:27 [jfontana]
- ...sure
- 19:16:47 [jfontana]
- tony: it is an editorial
- 19:17:01 [jfontana]
- https://github.com/w3c/webauthn/pull/1299
- 19:17:25 [jfontana]
- tony: akshay will help review
- 19:17:35 [jfontana]
- ...should be just editorial change
- 19:18:24 [jfontana]
- ...at face to face, #1250 #1256 #1298 and #1299 closed
- 19:18:34 [jfontana]
- tony: any questions on PR?
- 19:18:35 [jfontana]
- no
- 19:18:38 [jfontana]
- moving to issues
- 19:19:10 [jfontana]
- tony: jeff do you want to skip all editorials
- 19:19:19 [jfontana]
- jeffH: yes I have 10 and we can skip
- 19:19:33 [jfontana]
- tony: will these make wd-02
- 19:19:46 [jfontana]
- jeffH: more important wok is in cred man
- 19:19:56 [jfontana]
- shane: will these amke wd-02
- 19:20:24 [jfontana]
- tony: want to get to point at TPAC we close open PR and triage what we want in wd-02
- 19:20:32 [jfontana]
- ...close out publice review
- 19:20:44 [jfontana]
- shane: so no target date
- 19:21:23 [jfontana]
- tony: there is, on WD-02. wrap up by end of year. to get to CR, by end of year.
- 19:21:49 [jfontana]
- ...we will need at least 3 drafts, WD's, to feel comfortable with a CR
- 19:21:59 [jfontana]
- akshay: so two more working drafts
- 19:22:26 [jfontana]
- tony: I want a wd-02 after TPAC, then one before holidays, then work toward CR at beginning of year.
- 19:22:46 [jfontana]
- tony: there are some un-triaged issues to handle
- 19:23:10 [jfontana]
- https://github.com/w3c/webauthn/issues/1291
- 19:23:19 [jfontana]
- tony: is ithe wd-2 or 3
- 19:23:33 [jfontana]
- elundberg: yes, i think 3. so of these are vague
- 19:23:48 [jfontana]
- https://github.com/w3c/webauthn/issues/1292
- 19:24:09 [jfontana]
- agl: we are a bit worried about this. if this doesn't align, don't know what that means
- 19:25:04 [jfontana]
- ...i want a PR by TPAC to look at this. want to look at Apple's issues. we can discuss at TPAC
- 19:25:16 [jfontana]
- ...in some form, I will have something by the friday
- 19:25:16 [jfontana]
- T
- 19:25:21 [jfontana]
- tpac meeting
- 19:25:33 [jfontana]
- https://github.com/w3c/webauthn/issues/1293
- 19:25:57 [jfontana]
- agl: unsure of motive on this. think it breaks things
- 19:26:05 [jfontana]
- akshay: what is this?
- 19:27:28 [jfontana]
- agl: there is user gesture. Apple is worried about the outcome of this issue.
- 19:27:38 [jfontana]
- ...android has not said they are worried about this.
- 19:27:58 [jfontana]
- ...they are uncomfortable about this.
- 19:28:31 [jfontana]
- correction: apple is uncomfortable with the issue
- 19:29:04 [jfontana]
- agl: there are cases that will break for us if we did this
- 19:29:23 [jfontana]
- JDJ_Moz: i want to talk to other RPs
- 19:29:30 [jfontana]
- nick: this would break for DUO
- 19:30:15 [jfontana]
- the issue is Requiring user gesture to call WebAuthn API
- 19:30:27 [jfontana]
- tony: this is key to discuss at TPAC
- 19:30:39 [jfontana]
- https://github.com/w3c/webauthn/issues/1294
- 19:30:48 [jfontana]
- tony: some discussion also in FIDO
- 19:31:00 [jfontana]
- akshay: I want to understand the use case.
- 19:31:18 [jfontana]
- agl: I have to leave. read my comments on the bug on Apple issue.
- 19:31:36 [jfontana]
- ...I would not fight them over Lightning.
- 19:31:51 [jfontana]
- jbradley: I am pushing for it, because google wants it in.
- 19:32:00 [jfontana]
- agl: I have not been able to talk to Christiaan
- 19:32:41 [jfontana]
- jeffh: the other thing to note. comment in issue, is hinting that apple differentiation between lightning and other things may go away.
- 19:32:45 [jfontana]
- ...but I am not sure.
- 19:32:54 [jfontana]
- akshay: I will re-read this item.
- 19:32:58 [jeffh]
- present+
- 19:33:07 [wseltzer]
- [agl departs]
- 19:33:11 [jfontana]
- ...have to think about all the OS versions.
- 19:33:27 [jfontana]
- jbradley: we think apple will support w
- 19:33:43 [jfontana]
- web authn on iOS, just when
- 19:34:08 [jfontana]
- jbradley: HID over iOS does not work right now
- 19:34:16 [jfontana]
- tony: no issues other than that.
- 19:34:41 [jfontana]
- jbradley: there are some things we can do to signal to RP
- 19:34:52 [jfontana]
- https://github.com/w3c/webauthn/issues/1296
- 19:34:57 [jfontana]
- tonhy: we will do this face to face.
- 19:35:05 [jfontana]
- ...will this break anybody?
- 19:35:35 [jfontana]
- akshay: we have a mix of authenticators, I would preferto do this in the browser.
- 19:35:45 [jfontana]
- ...we need to clarify.
- 19:36:20 [jfontana]
- tony: we want to make this consistent
- 19:36:23 [jfontana]
- ...this is normative change
- 19:37:16 [jfontana]
- jeffH: try to fix the inconsistencies here.
- 19:37:56 [jfontana]
- tony: akshay you want it handled in thet browsers?
- 19:38:09 [jfontana]
- akshay: that is initial reaction
- 19:38:25 [jfontana]
- jeffH: consider if it is browser job to do truncation
- 19:38:40 [jfontana]
- https://github.com/w3c/webauthn/issues/1297
- 19:38:55 [jfontana]
- shane: think google has more of a vested interest than I do.
- 19:40:23 [jfontana]
- ...I think this can close with no action, but maybe keep it open until Google can comment
- 19:40:30 [jfontana]
- jeffH: yes, google will think about this.
- 19:42:04 [jfontana]
- tony: where do we stand on #1199
- 19:42:17 [jfontana]
- https://github.com/w3c/webauthn/issues/1199
- 19:42:31 [jfontana]
- akshay: it is not clear. not as simple as we thought
- 19:42:43 [jfontana]
- jeffH: move to wd-03 l2
- 19:42:53 [jfontana]
- akshay: yes, this is very tricky
- 19:43:01 [jfontana]
- jeffH: agreed
- 19:43:19 [jfontana]
- tony: what about https://github.com/w3c/webauthn/issues/1285
- 19:43:29 [jfontana]
- tony: does anyone do this today
- 19:43:32 [jfontana]
- akshay: no
- 19:43:57 [jfontana]
- shane: this is one thing I put in my user profiles, but when I thought no browser supported, I thought why do we have it.
- 19:44:09 [jfontana]
- jeffH: i am trying to find my notes. we have discussed.
- 19:44:27 [jfontana]
- nick: could be used by RP on the page
- 19:44:44 [jfontana]
- akshay: is antoher use case with mobile, and if they can show it.
- 19:44:53 [jfontana]
- ...removing is too extreme right tnow
- 19:45:22 [jfontana]
- jeffH: we talked about this yesterday. various ways to approach for fixing
- 19:45:33 [jfontana]
- ...could be draconian, and restrict to data URLs
- 19:45:46 [jfontana]
- ...there are subtle but important consideration.
- 19:46:18 [jfontana]
- elundberg: restricting it to data URLs would restrict to roaming authenticators.
- 19:46:48 [jfontana]
- jeffH: lot going on to get this right. it is under specified or mis-specified
- 19:47:06 [elundberg]
- s/restrict to roaming authenticators/make it practically unusable with limited-hardware authenticators/
- 19:47:21 [jfontana]
- tony: this takes us through all the technical issues we haven
- 19:47:45 [jfontana]
- jeffH: waiting for PR on #1286
- 19:48:38 [jfontana]
- akshay will make a comment in #1286
- 19:49:01 [jfontana]
- wseltzer: we will have dial-in for TPAC
- 19:49:18 [jfontana]
- shane: can you add instructions for that.
- 19:49:48 [jfontana]
- tony: adjourn
- 19:51:21 [jfontana]
- RRSagent, make logs public
- 19:51:38 [jfontana]
- rrsagent, draft minutes
- 19:51:38 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/11-webauthn-minutes.html jfontana
- 19:52:52 [jfontana]
- zakim, list attendees
- 19:52:52 [Zakim]
- As of this point the attendees have been wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan, selfissued,
- 19:52:55 [Zakim]
- ... jbarclay, jeffh
- 19:53:27 [jfontana]
- rrsagent, draft minutes
- 19:53:27 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/11-webauthn-minutes.html jfontana
- 19:54:04 [jfontana]
- zakim, bye
- 19:54:04 [Zakim]
- leaving. As of this point the attendees have been wseltzer, jfontana, nsteele, nmooney, Akshay, David_Turner, David_Waite, elundberg, jcj_moz, nadalin, agl, sbweeden, pasan,
- 19:54:04 [Zakim]
- Zakim has left #webauthn
- 19:54:07 [Zakim]
- ... selfissued, jbarclay, jeffh
- 19:54:23 [jfontana]
- rrsagent, bye
- 19:54:23 [RRSAgent]
- I see no action items