- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Mon, 29 Jun 2020 19:47:17 +0200
- To: public-webauthn-adoption@w3.org
Hi, Here are the rough notes I took during our call today; next call 2 weeks from now (with my regrets). ACTIONS: * [ONGOING] ACTION: Dom to figure out what kind of patent licensing are needed for the wireframe project (based on Tony's concerns) * ACTION: Nick to ask Google contacts on CI-fication of the conformance test suite * ACTION: Alex to investigate what it would take to validate our server-side components in a CI workflow * [ONGOING] ACTION: Nick to bring up UX resources/guidance for Practical WebAuthn Discussion: # Impact of iOS14 announcements on WebAuthn Adoption WWWDC 2020 talk https://developer.apple.com/wwdc20/10670 Nick: upcoming pull request to describe new Apple attestation format, probably a level 3 thing for WebAuthn Matthew: new format shouldn't impact the project too drastically Nick: TouchId not yet available in technical demo Matthew: support only in iOS14/iPadOS14; only add support for TouchId/faceId Dom: still pretty important in terms of unlocking interest on WebAuthn; might be useful to try to release our work in a compatible timeline Bart: the beta seems to use an allowlist to filter support for touchid (doesn't work on a local site) nick: the Apple format might help with support for x-icloud auth # Practical WebAuthn project * [ONGOING] ACTION: Dom to figure out what kind of patent licensing are needed for the wireframe project (based on Tony's concerns) * Draft design document from Nick: https://docs.google.com/document/d/1IV0Feui74Swm7GLaNH69ZXrt6Tygcm313Bsew4ab_SU/edit?usp=sharing Main points: audiences/user stories, and back-end hosting Bart: the locally hosted version would be high-fidelity mockup? Nick: similar to what the initial mozilla test site was doing Matthew: I generally support the locally hosted route - easiest to get people started; need to be careful that this doesn't create too much maintenance work to match the various backends the goal is to showcase the various packages & implementations, not a demo of a particular workflow Nick: the benefit of this is that libraries submitted to this will want to align with the JS mockup for payloads formats - creates ad-hoc standardization of the server-side API Dom: re using conformance testing in CI, is there any prospect toward that? Matthew: would be great to have; not sure if we get this from conformance test suite or build it ourselves; currently not fun to run the conformance, and the conformance test suite seems to have bugs, and lacks documentation on e.g. which end-points need to be set up; it sometimes require stuff that the WebAuthn spec doesn't require Alex: should definitively be the goal David: there is active work under way to improve documentation for testing Matthew: WebAuthn doesn't really touch on metadata statements (MDS), whereas fido needs it Dom: timeline on cleanup? David: ongoing work on the wiki https://github.com/fido-alliance/conformance-test-tools-resources/wiki Nick: I believe Google has work in the area of CI-fying - I'll reach out to them Bart: can we use a headless browser with software-based authenticators? Dom: webauthn2 spec has definitions for this Alex: not terribly difficult to mock up an authenticator ACTION: Nick to ask Google contacts on CI-fication of the conformance test suite ACTION: Alex to investigate what it would take to validate our server-side components in a CI workflow See also https://github.com/fido-alliance/conformance-test-tools-resources/issues/506 Nick: we should document the technical milestones we identify for the project as we go forward Dom: our repo is available for that https://github.com/webauthn-adoption/practical-webauthn/ * [ONGOING] ACTION: Nick to bring up UX resources/guidance for Practical WebAuthn
Received on Monday, 29 June 2020 17:47:21 UTC