<wseltzer> present=
<wseltzer> �
<scribe> agenda:
https://lists.w3.org/Archives/Public/public-webauthn/2019Dec/0024.html
tony: #1330 any change
emil: waiting on #1300
https://github.com/w3c/webauthn/pull/1333
tony: there is on un-triaged
#1553
... nina opened
nina: this is for web driver
tony: anyone have chance to look
at this
jcj_moz: not enough to make
decision
jeffH: it is on the to-do
list
<jcj_moz_> https://github.com/w3c/webauthn/pull/1353
tony: nina you want this in
wd-03
nina: yes, that is correct.
jcj_moz: this is small to web
authn, but I want to see the whole model
bradley: question for nina. did
you link PR to #1352. I don't think it has anything to do with
web drivder
nina: #1353 is the correct
number
tony: move to issues
jeffH: talk about Jbradley new
issue
jbradley: I have it open and will
do the PR today
tony: #1352?
jbradely: yes. to make it
optional for authenticators to store the display name
... none of the browsers want to see it.
tony: how many authenticators
have display
nicK: crypto and ledger
tony: jc anything on #1303?
jcj_moz: cross origin. yes.
... well not really, still interested to hear more commentary
from apple and google on this
... so far google thinks this is unecessary
... but not sure where apple is.
agl: on this point, chromium has
support behind a flag
bradley: this is command line
flag
jeffH: let me clarify
... one would be to set this flag as well as allow public key
credential on iFrame in html
jcj_moz: it is a pre-relase
flag
agl: we want payment people to
play with this and see what works and what does not
tony: nick?
... can you look
nick: can do
bradley: in canary
... yes.
agl: this will work through the
windows api
tony: I think that is the only
issue I had questions about
jcj_moz: want to ask, any more
conversation on threat model on cross origin tracking.
... #`1336
agl: I suspect the answer is
no
... what do you want to know
jcj_moz: just get the temp. on
how cross origin iframes work
... last we left off jeffH was going to read about web push and
stare in that void
... has jeff come back changed
jeffH: No. we still need to
discuss more internally
agl: I will scribble down to
update #1336
jcj_moz: no rush.
... need to resolve for level 2, but not wd-2
... adds a big risk factor; too much friction, and a dark cloud
on web push
<kenrb> for reference, the
flag to enable the feature policy that allows WebAuthn in
cross-origin iframes is
--enable-features=WebAuthenticationFeaturePolicy
nick: are there people opposed to
this change
jcj_moz: google has not said
either way
... we should ask payment folks
thanks nmooney
jcj_moz: want to make sure we are
not knee-capping ourselves with this
... we don't want to be reactionary
... I want to discuss the threat model and get the right
answer
JeffH: the guy who is PR Preview
tool which we have hooked to our repository. he is looking for
input
... I encourage everyone who has clicked on PR Preview to
respond to the survey. see jeff's email from today
tony: any thing else.
<Nina> https://github.com/web-platform-tests/wpt/pull/20481
nina: i want to point out all the
material is up and can be reviewed it is PR #20481
nmooney: any updates on caBLE
v2
agl: situation, look to see if
BLE is best on our platform. Have not yet finished the work on
ble chromium infrastucture
... that will eat up the rest of the year, and we will have
some thing to say about next stepsl
NSteele: timeframe?
agl: look to see if it will work,
and think next steps.
ton: maybe by Lisbon
agl: not sure how much impact on
web auth, more on ctap perhaps.
... this should just work
nmooney: agree maybe more of a
fido concern
tony: anything else.
jcj_moz: have an excellent
holiday everybody!!
rrsagent: draft minutes