IRC log of webauthn on 2021-05-05

Timestamps are in UTC.

19:03:39 [RRSAgent]
RRSAgent has joined #webauthn
19:03:39 [RRSAgent]
logging to https://www.w3.org/2021/05/05-webauthn-irc
19:03:41 [Zakim]
RRSAgent, make logs Public
19:03:43 [Zakim]
Meeting: Web Authentication WG
19:03:44 [wseltzer]
Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2021May/0023.html
19:03:53 [wseltzer]
wseltzer has changed the topic to: 5 May https://lists.w3.org/Archives/Public/public-webauthn/2021May/0023.html
19:04:40 [wseltzer]
present+
19:07:39 [jfontana]
tony: TPAC. Group meeting. We can do that. Virtual
19:08:02 [jfontana]
present+
19:08:03 [dveditz]
dveditz has joined #webauthn
19:08:13 [dveditz]
present+
19:08:49 [jfontana]
https://github.com/w3c/webauthn/pull/1609
19:09:06 [jfontana]
elundberg: likely a typo
19:09:14 [jfontana]
tony: merge
19:09:21 [jfontana]
https://github.com/w3c/webauthn/pull/1607
19:09:43 [jfontana]
elundberg: editorial. fix date.
19:10:33 [jfontana]
https://github.com/w3c/webauthn/pull/1600
19:10:37 [jfontana]
akshay: looks fine.
19:10:40 [matthewmiller]
matthewmiller has joined #webauthn
19:10:49 [jfontana]
tony: merge
19:11:03 [jfontana]
https://github.com/w3c/webauthn/pull/1599
19:11:09 [jfontana]
tony: any issues.
19:11:34 [jfontana]
https://github.com/w3c/webauthn/pull/1586
19:13:09 [jfontana]
agl: do 1585 first
19:13:13 [jfontana]
https://github.com/w3c/webauthn/pull/1585
19:13:23 [jfontana]
jeffH: merged
19:13:29 [jfontana]
https://github.com/w3c/webauthn/pull/1586
19:13:34 [jfontana]
jeffH: merged.
19:13:44 [jfontana]
https://github.com/w3c/webauthn/pull/1576
19:14:03 [jfontana]
jeffH: may want to mark as draft. this will be on-going discusson
19:14:14 [jfontana]
dtony: mark it as draft.
19:14:35 [jfontana]
https://github.com/w3c/webauthn/pull/1425
19:14:46 [jfontana]
jeffH: this is another on-going discussion
19:14:56 [jfontana]
elundberg: next step may be more reviews.
19:15:36 [jfontana]
..should see how it interacts with #1546, depends on how it is addressed
19:16:02 [jfontana]
.. might become a special case. need to consider this
19:16:37 [jfontana]
..figure out #1546 and then go on to next one. #1425
19:19:10 [jfontana]
tony: issues to look at.
19:19:30 [jfontana]
https://github.com/w3c/webauthn/issues/1608
19:20:51 [jfontana]
akshay: looks like they want web authn for all crypto
19:21:25 [jfontana]
lundberg: have external apps and add signatures.
19:21:36 [jfontana]
jbradley: we have a tension around privacy
19:21:47 [jfontana]
...audience restricted to origin.
19:21:59 [jfontana]
...don't know origin of blockchain
19:22:25 [jfontana]
...how would we do this with a FIDO assertion?
19:23:29 [jfontana]
...these are legit use cases, but open can of worms and not being thought through
19:23:50 [jfontana]
...we can stop this in the browser
19:25:47 [jfontana]
...managing certificates is hard. not sure we want to go there
19:28:09 [jfontana]
...why invent something new, if there is something else we can use.
19:28:30 [jfontana]
agl: we have no intent to expand past authentication use cases
19:28:44 [jfontana]
jbradley: should be hardware backed for web crypto.
19:28:54 [jfontana]
...??
19:29:52 [jfontana]
agl: I don't think web authn will be the way we expose native apps
19:31:00 [jfontana]
...this issue is too ambitious. aa full-feature to talk to native apps is not web authn territory.
19:31:34 [jfontana]
dwaite: could be privacy implications
19:32:01 [jfontana]
jbradley: we need to understand the web cyrpto intent
19:32:43 [jfontana]
jbradley: sounds like not huge move to expand web authn
19:33:21 [jfontana]
...if folks want web crypto, maybe that is worked on somewhere else
19:33:57 [jfontana]
akshay: this is authtication.
19:34:33 [jfontana]
...UV is another issue, do people care about that.
19:36:32 [jfontana]
wendy: this group has avoided some issues by the carefully scoped work.
19:37:35 [jeffh]
see also: https://github.com/w3c/webauthn/issues/1595#issuecomment-816970977 for links to Hardware-backed Security Services Community Group, whose unfinished draft report takes a stab at a WebCrypto-linked Secure Credential Storage API.
19:38:00 [jfontana]
DanV: focus on this group has been helpful. Just because we talk to hardware doesn't mean everyone should get access.
19:38:15 [jfontana]
...Web Authn is not a general anything.
19:38:33 [jfontana]
agl: a statemen will be helpful
19:38:48 [jfontana]
agl: not here, not , not ever
19:39:34 [jfontana]
tony: you will write statement and close?
19:39:39 [jfontana]
jeffH: yes
19:40:37 [jfontana]
https://github.com/w3c/webauthn/issues/1603
19:40:55 [jfontana]
elundberg: this is a duplicate, we should close
19:40:58 [jfontana]
tony: yes.
19:41:30 [jfontana]
https://github.com/w3c/webauthn/issues/1680
19:42:17 [jfontana]
correction: https://github.com/w3c/webauthn/issues/1608
19:43:29 [jfontana]
https://github.com/w3c/webauthn/issues/1601
19:43:50 [jfontana]
jeffH: invites user to select UV modality
19:43:57 [jfontana]
aakshay: close
19:44:14 [jfontana]
tony: close
19:46:58 [jeffh]
s/user/RP/
19:50:22 [jfontana]
https://github.com/w3c/webauthn/issues/1580
19:50:33 [jfontana]
agl: should close
19:51:04 [jfontana]
jbradley: I will close
19:55:07 [jfontana]
tony: adjourn
20:02:40 [wseltzer]
rrsagent, draft minutes
20:02:40 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/05/05-webauthn-minutes.html wseltzer
23:25:13 [Zakim]
Zakim has left #webauthn