IRC log of webauthn on 2021-05-05
Timestamps are in UTC.
- 19:03:39 [RRSAgent]
- RRSAgent has joined #webauthn
- 19:03:39 [RRSAgent]
- logging to https://www.w3.org/2021/05/05-webauthn-irc
- 19:03:41 [Zakim]
- RRSAgent, make logs Public
- 19:03:43 [Zakim]
- Meeting: Web Authentication WG
- 19:03:44 [wseltzer]
- Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2021May/0023.html
- 19:03:53 [wseltzer]
- wseltzer has changed the topic to: 5 May https://lists.w3.org/Archives/Public/public-webauthn/2021May/0023.html
- 19:04:40 [wseltzer]
- present+
- 19:07:39 [jfontana]
- tony: TPAC. Group meeting. We can do that. Virtual
- 19:08:02 [jfontana]
- present+
- 19:08:03 [dveditz]
- dveditz has joined #webauthn
- 19:08:13 [dveditz]
- present+
- 19:08:49 [jfontana]
- https://github.com/w3c/webauthn/pull/1609
- 19:09:06 [jfontana]
- elundberg: likely a typo
- 19:09:14 [jfontana]
- tony: merge
- 19:09:21 [jfontana]
- https://github.com/w3c/webauthn/pull/1607
- 19:09:43 [jfontana]
- elundberg: editorial. fix date.
- 19:10:33 [jfontana]
- https://github.com/w3c/webauthn/pull/1600
- 19:10:37 [jfontana]
- akshay: looks fine.
- 19:10:40 [matthewmiller]
- matthewmiller has joined #webauthn
- 19:10:49 [jfontana]
- tony: merge
- 19:11:03 [jfontana]
- https://github.com/w3c/webauthn/pull/1599
- 19:11:09 [jfontana]
- tony: any issues.
- 19:11:34 [jfontana]
- https://github.com/w3c/webauthn/pull/1586
- 19:13:09 [jfontana]
- agl: do 1585 first
- 19:13:13 [jfontana]
- https://github.com/w3c/webauthn/pull/1585
- 19:13:23 [jfontana]
- jeffH: merged
- 19:13:29 [jfontana]
- https://github.com/w3c/webauthn/pull/1586
- 19:13:34 [jfontana]
- jeffH: merged.
- 19:13:44 [jfontana]
- https://github.com/w3c/webauthn/pull/1576
- 19:14:03 [jfontana]
- jeffH: may want to mark as draft. this will be on-going discusson
- 19:14:14 [jfontana]
- dtony: mark it as draft.
- 19:14:35 [jfontana]
- https://github.com/w3c/webauthn/pull/1425
- 19:14:46 [jfontana]
- jeffH: this is another on-going discussion
- 19:14:56 [jfontana]
- elundberg: next step may be more reviews.
- 19:15:36 [jfontana]
- ..should see how it interacts with #1546, depends on how it is addressed
- 19:16:02 [jfontana]
- .. might become a special case. need to consider this
- 19:16:37 [jfontana]
- ..figure out #1546 and then go on to next one. #1425
- 19:19:10 [jfontana]
- tony: issues to look at.
- 19:19:30 [jfontana]
- https://github.com/w3c/webauthn/issues/1608
- 19:20:51 [jfontana]
- akshay: looks like they want web authn for all crypto
- 19:21:25 [jfontana]
- lundberg: have external apps and add signatures.
- 19:21:36 [jfontana]
- jbradley: we have a tension around privacy
- 19:21:47 [jfontana]
- ...audience restricted to origin.
- 19:21:59 [jfontana]
- ...don't know origin of blockchain
- 19:22:25 [jfontana]
- ...how would we do this with a FIDO assertion?
- 19:23:29 [jfontana]
- ...these are legit use cases, but open can of worms and not being thought through
- 19:23:50 [jfontana]
- ...we can stop this in the browser
- 19:25:47 [jfontana]
- ...managing certificates is hard. not sure we want to go there
- 19:28:09 [jfontana]
- ...why invent something new, if there is something else we can use.
- 19:28:30 [jfontana]
- agl: we have no intent to expand past authentication use cases
- 19:28:44 [jfontana]
- jbradley: should be hardware backed for web crypto.
- 19:28:54 [jfontana]
- ...??
- 19:29:52 [jfontana]
- agl: I don't think web authn will be the way we expose native apps
- 19:31:00 [jfontana]
- ...this issue is too ambitious. aa full-feature to talk to native apps is not web authn territory.
- 19:31:34 [jfontana]
- dwaite: could be privacy implications
- 19:32:01 [jfontana]
- jbradley: we need to understand the web cyrpto intent
- 19:32:43 [jfontana]
- jbradley: sounds like not huge move to expand web authn
- 19:33:21 [jfontana]
- ...if folks want web crypto, maybe that is worked on somewhere else
- 19:33:57 [jfontana]
- akshay: this is authtication.
- 19:34:33 [jfontana]
- ...UV is another issue, do people care about that.
- 19:36:32 [jfontana]
- wendy: this group has avoided some issues by the carefully scoped work.
- 19:37:35 [jeffh]
- see also: https://github.com/w3c/webauthn/issues/1595#issuecomment-816970977 for links to Hardware-backed Security Services Community Group, whose unfinished draft report takes a stab at a WebCrypto-linked Secure Credential Storage API.
- 19:38:00 [jfontana]
- DanV: focus on this group has been helpful. Just because we talk to hardware doesn't mean everyone should get access.
- 19:38:15 [jfontana]
- ...Web Authn is not a general anything.
- 19:38:33 [jfontana]
- agl: a statemen will be helpful
- 19:38:48 [jfontana]
- agl: not here, not , not ever
- 19:39:34 [jfontana]
- tony: you will write statement and close?
- 19:39:39 [jfontana]
- jeffH: yes
- 19:40:37 [jfontana]
- https://github.com/w3c/webauthn/issues/1603
- 19:40:55 [jfontana]
- elundberg: this is a duplicate, we should close
- 19:40:58 [jfontana]
- tony: yes.
- 19:41:30 [jfontana]
- https://github.com/w3c/webauthn/issues/1680
- 19:42:17 [jfontana]
- correction: https://github.com/w3c/webauthn/issues/1608
- 19:43:29 [jfontana]
- https://github.com/w3c/webauthn/issues/1601
- 19:43:50 [jfontana]
- jeffH: invites user to select UV modality
- 19:43:57 [jfontana]
- aakshay: close
- 19:44:14 [jfontana]
- tony: close
- 19:46:58 [jeffh]
- s/user/RP/
- 19:50:22 [jfontana]
- https://github.com/w3c/webauthn/issues/1580
- 19:50:33 [jfontana]
- agl: should close
- 19:51:04 [jfontana]
- jbradley: I will close
- 19:55:07 [jfontana]
- tony: adjourn
- 20:02:40 [wseltzer]
- rrsagent, draft minutes
- 20:02:40 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/05/05-webauthn-minutes.html wseltzer
- 23:25:13 [Zakim]
- Zakim has left #webauthn