tony: we have some open PRs.
... three
... they were suppose to look at those
akshay: I started looking into some of these. I am still working.
... we could move to Level 2
https://github.com/w3c/webauthn/pull/1333
working on this
https://github.com/w3c/webauthn/pull/1340
tony: akshay can you approve.
Jeffh: Akshay merged.
https://github.com/w3c/webauthn/pull/1276
jeffH: should be ready to go.
... question is could it break API. but not ture
elundberg: looks OK
tkny: jeffH cna you merge.
tony: that is all the open PRs in Wd02
... now that we have these closed we will produce a new draft.
elundberg: what about (11
... 911
tony: are we ok to generate wd-02
jeffH: yes.
agl: yes
akshay: I can't do it this week
tony: we have so wd03 PRs
... some still blocked, CTAP stuff. we also have #966
... think akshay wrote an answer
... we have #1300, which is AGLs
agl: do we want to flesh this out?
jeffh: I can help
jcj_moz: I am interested, I have done some work but it is not ready for sharing.
akshay: good to have use cases defined.
agl: we should move this PR to where it could be landable and see what people think
tony: I will move it forward.
alexei: I am willing to help RPs understand moving to web authn
jeffH: would we do that in the spec?
tony: I don't think so.
agl: we have app ID defined in this spec
selfissue: we can link to external docs from the spec. W3C allows notes
alexei: I don't care where it exists but it should point to the spec. "Here's is how you do it"
elundberg: would note be good to put things like privacy considerations.
agl: I think privacy and security should be in the main spec.
jeffH: is #1300 done
tony: I think so.
... alexei can create a note to move u2f part forward
alexei: who publishes notes
jeffH: should be on W3C.org site.
... I will help get this done.
https://github.com/w3c/webauthn/pull/1330
tony: still blocked
https://github.com/w3c/webauthn/pull/1333
jeffH: I think it is OK.
... have alexei, akshay others take a look
tony: doesn't look like any of these will land by beginning of week
... we may be OK generating wd02 at beginning of week
akshay: we have options
tony: there won't be new merges
jeffH: we need to take a good close look at spec before we put it into this process
... look at master branch
akshay: can jeffH and elundberg look at the behavior
elundberg: I will take a look
tony: shane is this something you care about.
shane: My concern, browser vendors are not implementing.
... it is only going to make a difference if there is evidence
tony: I hear people just want to re-review
https://github.com/w3c/webauthn/issues/1204
jeffH: reply on this one, should address in secure context spec
https://github.com/w3c/webauthn/issues/1292
jcj_moz: need this use case to move this forward
https://github.com/w3c/webauthn/issues/1293
tony: we left this one hanging..
... decided not to do? is that correct
jcj_Moz: I would rather not close this, I may come back to this.
... we have strong feelings on this one.
tony: OK
https://github.com/w3c/webauthn/issues/1294
tony: this is a wait situation
agl: anything you want to say on this issue
ricky: need more time on feedback
tony: keep it open
ricky: yes
https://github.com/w3c/webauthn/issues/1303
tony: this one is staying open, gathering feedback
jcj_moz: related to #1336 and #1293
... no updates here, .
https://github.com/w3c/webauthn/issues/1304
tony: rolf this is yours
rolf: not sure I have a proposal at this stage
... I've talked to RPs
alexei: we did too. guidance we give, prove to device, ..
... we say something like use this device to prove it is you
... advice is use this to verfiy
rolf: as opposed to specific names.
akshay: out platform is different, we group under Windows Hello
rolf: so RP would need to understand if it runs on windows
akshay: eveyr platform will give guidance
rolf: my concern here is, yes, RP figure it out.
... could be different on multiple platforms.
jcj_moz: there is complexity in translation. need to have a localized string
rolf: trying to understnad what is message to RP
... today it seems to be write lots of Java Script
d.waite: you have RP knows what it requires, and you have user interaction, we don't have consistent kick off for web authn
... the only other thing they can say is log-in with your YubiKey
... do others feel that way
ricky: yes. there is problem here. We tried to address in #1292.
... boiling this to high level use cases could smooth this over.
... more about high level agreement.
... think this is related.
d.waite: issue I see. if we extend branding, we hit a mis-match when presenting security options
agl: I think you learn about authenticator in the transport. explicit language is limited.
akshay: simple solution can be log in with security key. don't know if people understand
rolf: but confusing in some contexts
tony: so I assume we want to move this forward?
... at least go in to it more
rolf: yes
... too early for PR or close
... our answer should be consistent, but don't have a good one yet
https://github.com/w3c/webauthn/issues/1336
tony: JC will work on
jcj_moz: I am waiting for feedback. this could change some plans
... we published a blog about our intentions with Web push.
agl: can we split feature policy in two
jcj_Moz: I don't think that solves the bigger picture
jeffH: you could do that from technical perspective.
agl: we could keep get and leave create on ten table.
... I am hesitant to have an opinion prior to concrete usage
jcj_Moz: who are the users?
agl: we are looking at it , but flying blind right now
... have not seen anything prove out on cross origin.
... will they use it.
ricky: I appreciate your comment and we will make sure the scenario makes sense.
jcj_moz: I will cross post a site that is trying to trick people to move forward on notifications.
... I will entertain other thoughts and concerns. I want cross origin stuff to work. and feature policy
... issue with notification is more in your face
... with web authn, not so much, but still an issue
akshay: not sure how much of a problem this is now
jcj_moz I supprt ago idea to get to "get" first
jcj_moz: I don't want to cause privacy issues.
... that is all I have to say this week
tony: that takes us through Issues for wd03
... anything else to talk about?
... adjourn