20:02:14 RRSAgent has joined #webauthn 20:02:19 logging to https://www.w3.org/2024/02/21-webauthn-irc 20:02:27 nina has joined #webauthn 20:02:29 Meeting: Web Authentication weekly 20:02:32 Chair: Tony 20:02:38 present+ 20:03:28 present+ AndersA, SimoneO, NickS, TimC, Nina, MatthewM, Pascoe, David Tuner, EmilL, JohnS 20:05:05 present+ ShaneW 20:05:31 present+ JohnB 20:05:48 present+ LachlanG 20:07:34 Zakim has joined #webauthn 20:08:10 Scribe: NickS 20:08:25 Topic: Working Group General Business 20:08:38 PLH: Are we still happy with the state of our test suites? 20:09:10 Adam: Tests are written before anything is written in chromium, so we have w3c tests in front of everything 20:09:35 PLH: If we're happy with tests, then happy to drop it for now 20:10:38 PLH: Any reason why we need to have the Decentralized Identifier WG as one of our dependent groups? We haven't interacted with them in a while. 20:10:48 Tony: It was put in there as a placeholder 20:10:56 PLH: Okay, let's drop it 20:11:28 PLH: Should we have care about Federated Identity WG? 20:11:35 (in the charter) 20:11:47 Tim: I think there's interest in having intersection 20:12:01 Tim: it's in the proposed WG charter and CG charter that there's overlap 20:12:15 PLH: Yeah, I'm asking if we should add it 20:13:07 PLH: Do we want to switch to a more liberal license? We've been using the same license for 2 years that restricts things like copying the spec 20:13:21 Tim is unsure what license means in the context of a public specification, as am I 20:13:46 PLH: The license is mostly around the copyright of the spec 20:14:12 ...most other working groups have caveats that allows for things like the ability to fork a spec 20:14:42 Adam: I thought we agreed on this last time 20:15:04 DavidT: I also thought so, I believe I checked with FIDO as well and they were on board 20:15:18 PLH: Okay, then we'll go ahead with reviewing/changing the license 20:15:29 PLH: We should have a new charter in about 2.5 months 20:15:43 That's all general business 20:16:44 TOPIC: Pull Requests 20:16:47 https://github.com/w3c/webauthn/pull/1954 20:17:00 present+ DavidWaite 20:17:42 Pascoe: My internal contact said this is okay 20:17:48 present+ JohnPascoe 20:18:00 DavidWaite: This should be good to go 20:18:27 Tony: Emil are you good with this one? 20:18:51 Emil: we added an example in 53, unmerged yet 20:19:20 https://github.com/w3c/webauthn/pull/1953 20:19:29 Need to add examples 20:20:07 https://github.com/w3c/webauthn/pull/1951 20:20:58 Pascoe: I've addressed comments on this, most of the outstanding comments have been addressed. Emil if you could please review 20:21:06 Tony: Nick have you reviewed? 20:21:16 NickS: yes, but let me formally LGTM the PR 20:21:29 Adam: I'll defer to Nina on this PR 20:21:50 https://github.com/w3c/webauthn/pull/2027 by Emil 20:21:58 Emil: This just fixes a numbering of steps 20:22:13 Matthew just approved to help speed the request 20:22:44 Adam and Nick approve 20:23:18 2027 has been merged by Emil 20:23:20 https://github.com/w3c/webauthn/pull/2018 20:24:08 Anders: Nina had good feedback 20:24:12 Nina: Merge it 20:24:21 NickS merges with no disagreement 20:24:27 https://github.com/w3c/webauthn/pull/2019 20:24:51 Adam: Nina are we okay with this? 20:25:19 Nina is okay with some amount of pedantry 20:25:53 A quick fix has been added 20:27:09 Tony: Any issues merging? 20:27:11 None 20:27:13 NickS merges 20:27:21 https://github.com/w3c/webauthn/pull/2017 20:27:40 Emlin: I still have some issues to address on this PR 20:28:04 Tony: is there any problem having this for L3? 20:28:13 Emil: this should probably be part of L3, yes 20:28:15 no dissent 20:28:29 https://github.com/w3c/webauthn/pull/1926 20:28:46 Tony: No known movement on this 20:29:22 Shane: I've talked to Ackshay, he's reached out to his internal contacts again, but says if we don't get a reply, we should arrive at our own interpretation 20:32:01 Tagging Monty Wiseman for his opinion 20:32:21 https://github.com/w3c/webauthn/pull/2020 20:33:19 Tim: is this going to be duplicate to Google's extension? 20:33:32 ...it looks like Christiaan worked on it as well 20:33:33 unclear 20:34:16 John: Comes down to what are browsers comfortable with presenting in secure Chrome that's coming from the verifier? The problem we had in the past is that browsers said "no, we're not going to show an arbitrary string"" 20:34:44 JohnB: If browsers have changed their mind on showing potentially unsecured strings in the browser then hooray we can move forward with this. 20:35:30 Shane: when I first got involved in L1, I thought these extensions were cool and then they never got used, and I was sad :( 20:35:49 Shane: and now they're back and I think they're really cool and want to use them :) 20:36:19 Tony: Has anyone talked with WPWG folks on this? 20:36:28 JohnB: I imagine this is known 20:37:02 Shane: I still a place for a simple extension like this 20:37:24 Shane: and a place for one with rigid structure characteristic ones like payments 20:40:23 Nick: this would be easier for some passkey providers, where there's more control over the dom 20:41:17 Tim: the big question is whether browsers are going to move ahead with implementing this extension, which they've been apprehesive about in the past 20:46:30 General discussion around the purpose and devlopment of the extension 20:55:44 Planning to follow up with Rolf and Christiaan on their intentions with the extension. 20:57:39 TOPIC: Discussion around UV requirements for 3rd party passkey providers 21:07:58 Zakim, list participants 21:07:58 As of this point the attendees have been DavidWaite, JohnPascoe 21:08:01 RRSAgent, make logs public 21:08:06 RRSAgent, generate minutes 21:08:07 I have made the request to generate https://www.w3.org/2024/02/21-webauthn-minutes.html steele