W3C

- DRAFT -

Web Authentication WG

07 Oct 2020

Agenda

Attendees

Present
jeffh, jcj_moz, jbarclay, nina
Regrets
Chair
SV_MEETING_CHAIR
Scribe
jfontana

Contents

Tony: we want to take a poll, survey to start to proceed to CR.
... are we OK to start the preliminary work
... saying we will resolve what we have left.
... any objetion to this movement

<wseltzer> PROPOSED: Move to CR

tony: we have consensus to move to CR?

<wseltzer> [no objections]

RESOLUTION: Move to CR

jeffH: I don't think we are hearing aany objection

jbradley for FIDO spwg 1.4 was shipped off

scribe: asked them to do a mail ballot
... privacy stuff is going to the next Board meeting.

DTurner: it is going to a mail vote.
... there is security and privacy votes for the FIDO Board

tony: had joint meeting with SWPSIG.
... next week our TPAC meeting is scheduled
... Oct 14
... here were questions about our implementation status
... need to rely on Chrome and Edge to see where we stand for implementation.

agl: we are in pretty good shape. we have public 🔑 and all of that.

tony: if we can get that passed as a separate browser
... Akshay what is yor status on Chrominum
... very close
... from web authn prespective looks like all the pieces are there.
... what do we think target date is for implementation
... november

agkl: we can argue we have two browser implementataions

jbradley: which of the extensions may need more implementations for issues like large blob

agl: all the web parts are there and should go through

jbradley: if windows DLL does not block it then we are fine.

agl: large getting fleshed out, uvm went though last time.

shane: what ab out cred prop

agl: should go through

jbradely: only implemetation is chrome on android

agl: yes. for UVM

tony: Akshay is canary is available.

aksahy: yes.

tonhy: is Edge build available

akshay: yes.

agl: it will be a few weeks.

tony: D.Turner, likely have to update the web platform tests.

agl: they should be maintained,mostly chrome folks

nina: that is pretty much up to date.

tny: akshay have you run tests against Edge

nina: they ran against Edge, you can see them online

<nina> https://wpt.fyi/results/webauthn?label=master&label=experimental&aligned&q=webauthn

tony: any other questions on trying to move to CR

jc_moz: can we really count edge and chrome as to seperate? I don't think is good precedence
... the goal is interop

tony: they are two separate browsers that share some code.

jc_moz: there is going to be some push back.

agl: they are two separate browsers

jc_moz it was two separate engines.

tony: I don't see where it says that.

jbradley: ... wehn are we likely to see firefox with levele 2 support

jc_moz: I don't have a date yet.
... I am owkring on it.
... working

shane: what about safari? tech preview

JTan: muy answer much like JC's. we don't have a date for it.

tony: so brings us back to considers as separate

jbradley: or have one of the others completed.

agl: we are not the only working group to work about this.

tony: there has to be some precedence, like shared libraries.

shane: questions on associated doc. in web authn we refer to IANA registry
... at the moment it does not contain apple, but does not have nun format.

jeffH; we get that registered by have specification

jeffH; if we s=missed this need to get with iana

scribe: apple format , the new final for attestation format. when we get there we ask IANA to register the new format

tony: we solved some things at final last time. there is precedence.
... lets go to PRs

https://github.com/w3c/webauthn/pull/1474

alanwaketan: what is the order of landing attestation first and the #1474 again or vice versa

agl: weren't we looking at new type.

jeffH: need to get new pull request ready
... then land them

alanwaketan: thanks

tony: so we still have to update #1474

jeffH: short answer, yes.

https://github.com/w3c/webauthn/pull/1488

jbradley: mike is on vacation

tony: unless objections, lets merge.
... OK, no objections

jeffH: merged

tony: so only one PR left.

JTan: apple attestation. it looks good.

jbradley: comments longer than PR

nickS: PR looks fine.
... I would approve after discussion
... I am waiting for this PR before pushing to Web Auth I.O

agl: reading this PR through. does cred cert do the signing?\

jTan: you mean intermediate CA?

agl: does the cred cert accept nonce

jeffh: sing with credential private key
... sign with...
... discussion on signing
... may need to add more explination on the PR

nicks: described what the action is trying to accomplish.

shane: I have implemented this also
... another comment in PR. goes along lines of steps for attestation, but if you look at section 7.1
... step 20 is processed and looks for trust anchor. the ask in comment and I tend to agree
... should end with returnin statrement format. and then let step 20 do chain validation.
... all the other attestation that use X5C do that

jTan: I need to read that comment

Shane: why do we have attestation types.

agl: does it have to do with outcome

<jeffh> https://w3c.github.io/webauthn/#sctn-attestation-types

<jeffh> https://w3c.github.io/webauthn/#attestation-type

discussion on attestation...

shane: don't think there is much value is splitting these attestations

jeffh: one of the PRs is to change the name

shane: to what end

jbradley

shane: as we look at the way this PR should be updated for consistency attestation trust path of X5C and attestation statement type of anonimization CA
... so I kind of agree with
... Bart's comment

tony: that takes us through PRs.
... on to issues. ...https: //github.com/w3c/webauthn/issues/1489

jeffh: low priority

tony: is this something you will do

jeffH: just noting it
... I don't think it would be something to clean-up.

tony: leave unassigned.
... any issues to discuss now that we have Apple attestation.
... that takes us through technical issues.
... just waiting on editorial issues

jeffH: will solve....or not

jc_moz: I don't think we have two independent implelmentations.

tony: that is one opinion.
... are you objecting?

jc_moz: don't think we need two to go to CR, but is for Recommendation

tony: so we will start discussions

jc_moz: works for me so far.

tony: adjourn.

Summary of Action Items

Summary of Resolutions

  1. Move to CR
[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/10/07 20:00:26 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Present: jeffh jcj_moz jbarclay nina
No ScribeNick specified.  Guessing ScribeNick: jfontana
Inferring Scribes: jfontana

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0007.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]