Meeting minutes
tony: we have entered into CR
… We have started IPR process
… thanks Wendy and John
… IPR runs to Feb. 19
… some issues, but no real PRs open
https://
agl: I will reply to this, I don't think any changes are called for here
tony: you will reply, agl
agl: yes, net week we can take a look
tony: the rest are editorial.
… most are assigned to Jeff.
… any idea Jeff, which ones need work or punted
… Jeff not present
agl: decide on a deadline, then work on these
tony: deadline of week before we exit PR?
… or earlier
agl: I don't have a strong opinion
tony: that would give us 2 weeks or so
tony: we had one person who said they would submit issues, none have arrived so far.
… we also have some issues un-triaged.
https://
tony: this is editorial. move to CR bucket?
… not hearing any. move to CR status
https://
tony: this is about platform authenticators
… shane, david have commented.
shane: don't think this fine grain authn detection being asked for will be examined
tony: for llevel 3
shane: think it is a close
jeffH: I need to read this.
shane: think issue can be confusing here. it mixes products
elundberg: we have moved extensions, so this likely won't work
shane: I will file a comment and close
tony: that is the agenda for today
… do need to talk about Level 3, if we continue need to re-charter
… some things lined up for Level 3
<jeffh> https://
tony: what should we do here? what do we want to work on? Any changes to the charter
<jeffh> https://
agl: this is not on chrome's roadmap
akshay: not on windows roadmap
jbradely: was does anyone want to install such a thing.
ag: they are clear in implementing an authenticator
bradley: being an authenticator makes no sense, but could see platform
TimC: would fit with SIOP
tony: OIDC is discussing SIOP
<jeffh> on OIDC wg call, discussed SIOP (self-issued openid providers) + DIDs (+ WebAuthn?)
agl: I don't know of any motivation, but we don't have plans.
tonY: should this move to futures?
… find what we want to do before we re-issue charter
dwaite: this isn't just about PWA, there is no facility to add functionality
tony: move to futures if we don't get specifics
… moved to futures with consensus of group
tony: take on device loss
elundberg: yes, Yubico would like to do this
tony: silent authentication. Issue #199. any interst?
seflissue: I would not rule it out.
… we have not worked on this.
tony: you don't want to rule it out
BillL: I would like to see it.
akshay: I like the look of this.
jbradely: might be used as a super cookie
dwaite: needs to be more like a normal cookie.
jeffH: what are the use cases. need to flesh this out
… silence authentication has been more like brute force
tony: keep this a potential Level 3
tony: any other supporters for Level 3?
jbradley: look at use cases, and see if anything is there.
jeffH: we could punt to futures and then re-evaluate
wendy: re-charter to continue, pick up new patent policy, then amend scope
tonyu: cna w eput in scopre and not do it.
wendy: sure
tony: how about supporting software authenticators
eluncberg: seems to be like PWA
agl: this sounds like a platform concern and not an API
akshay: I agree
tony: close? futures?
akshay: close
agl: I also think close
jbradley: quickly here. it is a ctap issue. question, if ctap defined a software, could web authen recognize a platform authenticator
… close and if there is interest we can re-evaluate if software authenticator came along
… I would be against it.
agl: I can write something and close it.
tony: any objections
none
tony: issue #1255
jbradley: no real favor here.
tony: close?
… any objection to move to futures
none
tony: add additional network transport?
agl: will not be a specific caBle into Web Authn
tony: so lleave in Level 3 and also include transport hints
… transaction confirmation #1396
agl: no concrete plans, but don't want to close the door
BillL: would be nice to have a clear answer. part of PSD2
tony: any objections?
… WG would decide on work - or not- later
agl: if we don't charter for this, we may get blocked on innovation later
tony: include ein charter.
… #1372, shane?
shane: scenarios are suspect
https://
jbradlely: keep in charter, but we would have to decide on use cases
shane: have one, but not in web authn now
tony: put in scope and leave in futures?
no objections
… that takes care of all the changes that would influence scope.
agl: can I throw something out - non-module UI
<jeffh> non-modal UI
tony: any objections to that at Level 3
… could be a usability issues
jeffH: could add things to the options.
akshay: does this consider charter change
tony: usability folks may want to know
akshay: one more issue for charter?
… extension of charter. PRF extension shat was removed from level 2, does not mention issue #1462
https://
… put this back in the charter
tony: don't want to have this is charter, could be an issue
… some think it belongs outside Web Authn
… charter would be to include private key along with public key, maybe symetric keys, encryption?
jbradley: could this have objections for the charter.
… this is some working items to include in new charter.
agl: timeline?
tony: end of Jan.
tony: adjorn