IRC log of webauthn on 2022-01-12

Timestamps are in UTC.

19:59:22 [RRSAgent]: RRSAgent has joined #webauthn
19:59:22 [RRSAgent]: logging to https://www.w3.org/2022/01/12-webauthn-irc
19:59:24 [Zakim]: RRSAgent, make logs Public
19:59:25 [Zakim]: Meeting: Web Authentication WG
20:00:33 [wseltzer]: wseltzer has changed the topic to: Agenda 12 January https://lists.w3.org/Archives/Public/public-webauthn/2022Jan/0024.html
20:00:37 [wseltzer]: Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2022Jan/0024.html
20:00:42 [wseltzer]: chair: nadalin, fontana
20:01:01 [selfissued]: selfissued has joined #webauthn
20:01:46 [selfissued]: present+
20:02:06 [tara]: tara has joined #webauthn
20:03:24 [tara]: tara has left #webauthn
20:04:50 [jfontana]: jfontana has joined #webauthn
20:06:53 [tara]: tara has joined #webauthn
20:07:40 [dveditz]: dveditz has joined #webauthn
20:07:50 [jfontana]: does not look like this will resolve anytime soon.
20:07:58 [jfontana]: could impact what we want to get done.
20:08:11 [jfontana]: Wendy can you shed some light on us.
20:08:25 [jfontana]: tony: I don't want to get into trouble
20:08:38 [jfontana]: wnedy: still under esisting charter, we are free to work on
20:08:44 [jfontana]: the FO was rasied to re-charting
20:09:05 [jfontana]: ...it is not about any specific to the group
20:09:21 [jfontana]: ...spinning up a council to handle the FO (formal objection)
20:09:44 [jfontana]: ...working with advisory board and TAG to make process efficient
20:09:56 [jfontana]: ...hope to conclude in a few months
20:10:10 [jfontana]: tony: so this slows work on level 3
20:10:29 [jfontana]: wendy: can't go outside the current charter
20:10:40 [jfontana]: tony: there are other groups going through this
20:10:47 [nsteele]: nsteele has joined #webauthn
20:10:57 [nsteele]: present +
20:11:02 [jfontana]: agl: we had items in charter for level 3.
20:11:11 [jfontana]: ...if you read level 2 everything is in that scope
20:11:36 [jfontana]: tony: we could say that almost anything
20:11:45 [jfontana]: ...my concern if people come back and say this is not right
20:12:01 [jfontana]: agl: it says we are in scope if you read it.
20:12:13 [jfontana]: ...nothing in level 3 is going outside of that
20:12:45 [jfontana]: ...I think it is plausible that we have a lot in scope
20:12:55 [jfontana]: jeffH: I think adam has a good point
20:13:15 [jfontana]: tony: there are things we could do, but some are fairly major items
20:13:28 [jfontana]: agl: I think it is the chairs call
20:13:40 [jfontana]: ...are thing that are essentially not level 2, but 3
20:14:03 [jfontana]: tony: I would say backup and recovery are fairly major.
20:14:17 [jfontana]: agl: conditional UI, how do you feel about that
20:14:41 [jfontana]: tony: ambivalent about that, likely. I would say that is OK to contiue to work on
20:14:48 [jfontana]: ...not a lot of new technical work
20:15:11 [jfontana]: agl: device-bound key proposal is part of that, guess we have to pause that?
20:15:29 [jfontana]: tony: if people don't agree, lets find that out
20:15:45 [jfontana]: DWaite: work that is in conflict is the work we sould avoid .
20:16:16 [jfontana]: ...other features I don't see objection to other parts of charter
20:16:41 [jfontana]: NSteele: feal there are channels we can continue to work on
20:17:02 [wseltzer]: q+
20:17:11 [jfontana]: tony: the draft charter is out there.
20:17:12 [wseltzer]: https://www.w3.org/2002/09/wbs/33280/webauthn2021/results
20:17:42 [jfontana]: tony: the objection is not about our charter. It is just some procedure that has to go on to eliminate the FO
20:17:48 [wseltzer]: s|https://www.w3.org/2002/09/wbs/33280/webauthn2021/results|Charter">https://www.w3.org/2002/09/wbs/33280/webauthn2021/results|Charter review ->https://www.w3.org/2002/09/wbs/33280/webauthn2021/results |
20:18:16 [jeffh]: present+
20:18:25 [jfontana]: present+
20:18:54 [selfissued]: selfissued has joined #webauthn
20:19:30 [jfontana]: wendy: we are called out in objection, but not specific to the contents of our charter
20:19:57 [jfontana]: tony: seeing these objections being raised and then have them come back and say we were out of our charter
20:20:43 [jfontana]: akshay: is it is snapshot or does it cover anything.
20:20:51 [jfontana]: ...when will charter be finalized.
20:21:01 [jfontana]: wendy: goal to get it done before march
20:21:04 [jfontana]: ...plausible
20:21:35 [selfissued]: present+
20:21:46 [jfontana]: tony: my opinion would be to discuss things have issues, but now a PR on these issues. not merge
20:21:53 [jfontana]: ...that was my interpretation
20:22:11 [jfontana]: jeffH: working on pull requests are OK, but they don't land anywhere.
20:22:13 [selfissued]: Could someone resend the objection link? My IRC crashed.
20:22:44 [wseltzer]: s|Could someone resend the objection link? My IRC crashed.||
20:22:49 [jfontana]: mmiller: charter process? how can this be derailed by one person.
20:22:53 [jfontana]: ...how did this happen
20:22:58 [jfontana]: tony: it is the process
20:23:22 [jfontana]: tony: some of it is about equality
20:23:32 [jfontana]: wendy: could be a feature or a bug
20:24:16 [jfontana]: ...twist here, W3C is evolving process from TBL conclusion to have a solution that goes beyond the current format
20:24:20 [wseltzer]: s/could be a feature or a bug
20:25:02 [jfontana]: mmiller: if we follow letter of this, will we see anything on this before the issue is solved.
20:25:03 [wseltzer]: s/could be a feature or a bug/Our process requires us to address every formal objection/
20:26:17 [jfontana]: tony: questionable state between level 2 and new level 3 charter.
20:27:03 [jfontana]: ...we are on a bit of an edge here
20:27:06 [matthewmiller]: matthewmiller has joined #webauthn
20:27:09 [jfontana]: ...I stick to my proposal
20:27:18 [jfontana]: agL: I am OK with that
20:27:39 [jfontana]: ...can't land in editors draft until this is resolved.
20:27:51 [jfontana]: tony: I don't think we can get a formal review on this
20:28:36 [jfontana]: dwaite: I feel OK proceeding the way Tony laid it out
20:29:12 [jfontana]: ...things that are dealing with export of keys and other issues, just can't land work
20:29:22 [jfontana]: selfissue: that sounds pragmatic to me.
20:29:40 [jfontana]: tim: could take a big hit, may impact FIDO
20:29:46 [jfontana]: tonuy: I see david and rae are on.
20:30:03 [jfontana]: tony: there will be impact.
20:30:17 [jfontana]: tony: 3 or 6 month delay could happen
20:31:07 [jfontana]: tony: if no one objects than I think we should proceed as we have talked about
20:31:29 [jfontana]: wendy: I will keep the group posted as we make progress
20:32:03 [jfontana]: https://github.com/w3c/webauthn/pull/1663
20:32:12 [jfontana]: jeffH: chipping away at this
20:32:37 [jfontana]: ...I have some remaining items.
20:33:10 [jfontana]: https://github.com/w3c/webauthn/pull/1576
20:33:16 [jfontana]: jeffH: I think that is ready to go.
20:33:28 [jfontana]: tony: we can do reviews and get sign-offs
20:33:45 [jfontana]: agl: is conditional UI within scope?
20:33:49 [jfontana]: tony: I would be fine with that.
20:34:11 [jfontana]: jeffH: this has been reviewed as we have been going along
20:34:22 [jfontana]: ...still need some reviews.
20:35:44 [jfontana]: tony: https://github.com/w3c/webauthn/pull/1425
20:37:01 [jfontana]: elundberg: take a look at last couple of comments in #1640
20:37:22 [jfontana]: ...it looks like we could unlock some things as browser features
20:37:50 [jfontana]: ...thing this could also be tied to an authenticator feaure
20:37:54 [jfontana]: ...feature
20:38:44 [dwaite]: dwaite has joined #webAuthn
20:39:36 [jfontana]: tony: we have some un-triaged issues
20:39:50 [jfontana]: https://github.com/w3c/webauthn/issues/1687
20:39:58 [jfontana]: jeffH: minor, editorial
20:40:48 [jfontana]: elundberg: I can do this in the next couple of days. queue it up
20:41:13 [jfontana]: tony: https://github.com/w3c/webauthn/issues/1688
20:42:31 [jfontana]: shane: concern here is passkey issue. for RPs, the idea of supporting log-in where root of trust is cloud provider account alone is a scary thought
20:42:44 [jfontana]: ...more of a state of mind. who has control of account?
20:44:12 [jfontana]: ...ifd I am an RP that is adverse to passkeys, because losing control, then how do I do it with webauthn
20:44:44 [jfontana]: alg: RPs that want some complexity in risk score, the solution is there in passkey.
20:45:21 [jfontana]: ...things that are platform bound today will continue to be that
20:47:36 [jfontana]: ...I understand the approach, but it would mean attestation is compulsory
20:52:11 [jfontana]: agl: RPs that want to get extra stuff have to do more work, but think that is the right way
20:52:23 [jfontana]: shane: I accept that point of view
20:52:46 [jfontana]: ...I expect we will see more push back on this.
20:54:02 [jfontana]: agl: this can be a big change. device bound key extension. still getting all things together.
20:59:09 [jfontana]: tony: leave this one hanging right now.
20:59:29 [jfontana]: shane: it looks destine to a close with an explanation.
20:59:47 [jfontana]: tony: what is cadance for meetings. every two weeks?
21:00:03 [jfontana]: Nsteele: two weeks is good for Web Authn CG
21:00:08 [jfontana]: agl: keep it is same
21:00:23 [jfontana]: ...stay in sync with FIDO TWG
21:01:09 [wseltzer]: [adjourned]
21:02:05 [jfontana]: rrsagent, make logs public
21:02:20 [jfontana]: rrsagent: draft minutes
21:02:20 [RRSAgent]: I have made the request to generate https://www.w3.org/2022/01/12-webauthn-minutes.html jfontana
21:02:51 [jfontana]: Zakim, list attendees
21:02:51 [Zakim]: As of this point the attendees have been selfissued, jeffh, jfontana
21:04:58 [jfontana]: Additional attendees: M. Miller, N.Steel, D.Waite, M. Jones, W. Seltzer, Tony Nadalin,
21:05:13 [jfontana]: Chairs: Nadalin, Fontana
21:05:55 [jfontana]: *web page updated with minutes
21:06:08 [jfontana]: Zakim, bye
21:06:08 [Zakim]: leaving. As of this point the attendees have been selfissued, jeffh, jfontana
21:06:08 [Zakim]: Zakim has left #webauthn
21:06:25 [jfontana]: rrsagent, bye
21:06:25 [RRSAgent]: I see no action items