IRC log of webauthn on 2024-02-21

Timestamps are in UTC.

20:02:14 [RRSAgent]
RRSAgent has joined #webauthn
20:02:19 [RRSAgent]
logging to https://www.w3.org/2024/02/21-webauthn-irc
20:02:27 [nina]
nina has joined #webauthn
20:02:29 [plh]
Meeting: Web Authentication weekly
20:02:32 [plh]
Chair: Tony
20:02:38 [plh]
present+
20:03:28 [plh]
present+ AndersA, SimoneO, NickS, TimC, Nina, MatthewM, Pascoe, David Tuner, EmilL, JohnS
20:05:05 [plh]
present+ ShaneW
20:05:31 [plh]
present+ JohnB
20:05:48 [plh]
present+ LachlanG
20:07:34 [Zakim]
Zakim has joined #webauthn
20:08:10 [steele]
Scribe: NickS
20:08:25 [steele]
Topic: Working Group General Business
20:08:38 [steele]
PLH: Are we still happy with the state of our test suites?
20:09:10 [steele]
Adam: Tests are written before anything is written in chromium, so we have w3c tests in front of everything
20:09:35 [steele]
PLH: If we're happy with tests, then happy to drop it for now
20:10:38 [steele]
PLH: Any reason why we need to have the Decentralized Identifier WG as one of our dependent groups? We haven't interacted with them in a while.
20:10:48 [steele]
Tony: It was put in there as a placeholder
20:10:56 [steele]
PLH: Okay, let's drop it
20:11:28 [steele]
PLH: Should we have care about Federated Identity WG?
20:11:35 [steele]
(in the charter)
20:11:47 [steele]
Tim: I think there's interest in having intersection
20:12:01 [steele]
Tim: it's in the proposed WG charter and CG charter that there's overlap
20:12:15 [steele]
PLH: Yeah, I'm asking if we should add it
20:13:07 [steele]
PLH: Do we want to switch to a more liberal license? We've been using the same license for 2 years that restricts things like copying the spec
20:13:21 [steele]
Tim is unsure what license means in the context of a public specification, as am I
20:13:46 [steele]
PLH: The license is mostly around the copyright of the spec
20:14:12 [steele]
...most other working groups have caveats that allows for things like the ability to fork a spec
20:14:42 [steele]
Adam: I thought we agreed on this last time
20:15:04 [steele]
DavidT: I also thought so, I believe I checked with FIDO as well and they were on board
20:15:18 [steele]
PLH: Okay, then we'll go ahead with reviewing/changing the license
20:15:29 [steele]
PLH: We should have a new charter in about 2.5 months
20:15:43 [steele]
That's all general business
20:16:44 [steele]
TOPIC: Pull Requests
20:16:47 [steele]
https://github.com/w3c/webauthn/pull/1954
20:17:00 [steele]
present+ DavidWaite
20:17:42 [steele]
Pascoe: My internal contact said this is okay
20:17:48 [steele]
present+ JohnPascoe
20:18:00 [steele]
DavidWaite: This should be good to go
20:18:27 [steele]
Tony: Emil are you good with this one?
20:18:51 [steele]
Emil: we added an example in 53, unmerged yet
20:19:20 [steele]
https://github.com/w3c/webauthn/pull/1953
20:19:29 [steele]
Need to add examples
20:20:07 [steele]
https://github.com/w3c/webauthn/pull/1951
20:20:58 [steele]
Pascoe: I've addressed comments on this, most of the outstanding comments have been addressed. Emil if you could please review
20:21:06 [steele]
Tony: Nick have you reviewed?
20:21:16 [steele]
NickS: yes, but let me formally LGTM the PR
20:21:29 [steele]
Adam: I'll defer to Nina on this PR
20:21:50 [steele]
https://github.com/w3c/webauthn/pull/2027 by Emil
20:21:58 [steele]
Emil: This just fixes a numbering of steps
20:22:13 [steele]
Matthew just approved to help speed the request
20:22:44 [steele]
Adam and Nick approve
20:23:18 [steele]
2027 has been merged by Emil
20:23:20 [steele]
https://github.com/w3c/webauthn/pull/2018
20:24:08 [steele]
Anders: Nina had good feedback
20:24:12 [steele]
Nina: Merge it
20:24:21 [steele]
NickS merges with no disagreement
20:24:27 [steele]
https://github.com/w3c/webauthn/pull/2019
20:24:51 [steele]
Adam: Nina are we okay with this?
20:25:19 [steele]
Nina is okay with some amount of pedantry
20:25:53 [steele]
A quick fix has been added
20:27:09 [steele]
Tony: Any issues merging?
20:27:11 [steele]
None
20:27:13 [steele]
NickS merges
20:27:21 [steele]
https://github.com/w3c/webauthn/pull/2017
20:27:40 [steele]
Emlin: I still have some issues to address on this PR
20:28:04 [steele]
Tony: is there any problem having this for L3?
20:28:13 [steele]
Emil: this should probably be part of L3, yes
20:28:15 [steele]
no dissent
20:28:29 [steele]
https://github.com/w3c/webauthn/pull/1926
20:28:46 [steele]
Tony: No known movement on this
20:29:22 [steele]
Shane: I've talked to Ackshay, he's reached out to his internal contacts again, but says if we don't get a reply, we should arrive at our own interpretation
20:32:01 [steele]
Tagging Monty Wiseman for his opinion
20:32:21 [steele]
https://github.com/w3c/webauthn/pull/2020
20:33:19 [steele]
Tim: is this going to be duplicate to Google's extension?
20:33:32 [steele]
...it looks like Christiaan worked on it as well
20:33:33 [steele]
unclear
20:34:16 [steele]
John: Comes down to what are browsers comfortable with presenting in secure Chrome that's coming from the verifier? The problem we had in the past is that browsers said "no, we're not going to show an arbitrary string""
20:34:44 [steele]
JohnB: If browsers have changed their mind on showing potentially unsecured strings in the browser then hooray we can move forward with this.
20:35:30 [steele]
Shane: when I first got involved in L1, I thought these extensions were cool and then they never got used, and I was sad :(
20:35:49 [steele]
Shane: and now they're back and I think they're really cool and want to use them :)
20:36:19 [steele]
Tony: Has anyone talked with WPWG folks on this?
20:36:28 [steele]
JohnB: I imagine this is known
20:37:02 [steele]
Shane: I still a place for a simple extension like this
20:37:24 [steele]
Shane: and a place for one with rigid structure characteristic ones like payments
20:40:23 [steele]
Nick: this would be easier for some passkey providers, where there's more control over the dom
20:41:17 [steele]
Tim: the big question is whether browsers are going to move ahead with implementing this extension, which they've been apprehesive about in the past
20:46:30 [steele]
General discussion around the purpose and devlopment of the extension
20:55:44 [steele]
Planning to follow up with Rolf and Christiaan on their intentions with the extension.
20:57:39 [steele]
TOPIC: Discussion around UV requirements for 3rd party passkey providers
21:07:58 [steele]
Zakim, list participants
21:07:58 [Zakim]
As of this point the attendees have been DavidWaite, JohnPascoe
21:08:01 [steele]
RRSAgent, make logs public
21:08:06 [steele]
RRSAgent, generate minutes
21:08:07 [RRSAgent]
I have made the request to generate https://www.w3.org/2024/02/21-webauthn-minutes.html steele