- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Tue, 29 Jun 2021 08:48:46 +0200
- To: public-webauthn-adoption@w3.org
Hi,

Here are the notes I scribbled during our meeting yesterday; next meeting on July 12.

* impact of caBLE v2 & WebAuthn
https://blog.millerti.me/2021/06/18/previewing-chromes-cable-v2-support-for-webauthn/
Further blurs the distinction between roaming & platform authenticator

Matt: cable as transport vs just BLE?
Nick: cable is not BLE specific, could be used as mDNS
Tim: still very early days, cable is just a working name, and this is exploratory
Nick: part of the BLE reliance is that bluetooth proximity brings some value in security verification
JohnF: Christian characterized cable as orthogonal to syncable keys
Tim: probably more useful in a bootstrap scenario
Matt: as Apple passkeys, this builds into account recovery & user convenience
Nick: does cable allow transitivity with roaming authenticators?
Tim: I think that's not a use case in their roadmap, given possible confusion
Tim: ultimately the platform is going to make decisions on behalf of the user
Nick: one of my worries about the vendor lock-in it might create on these platforms

* lessons from “research: What users think about logging in without a password”?
https://lists.w3.org/Archives/Public/public-webauthn-adoption/2021Jun/0004.html

David: password-less is a bad term - makes people feel it is insecure
... UX guidelines reflect that - hoping to see HTML version emerging
Nick: FIDO UX guidelines provide good overview document of UX - I liked it
... I'm warming up to the notion that we need a term or a mark to give users guidance on what they should expect
... cable / passkeys are going to generate very different UX

[skipped] videos for WebAuthn
We had discussed collaborating with the FIDO marketing group on developing intro videos on WebAuthn to help developers figure out how to get started
[PENDING] ACTION: bill to summarize ideas of intro video for webauthn

* HowTo FIDO
[PENDING] ACTION: DavidT to look for someone to give a presentation on HowToFIDO renewed focus
https://github.com/fido-alliance/how-to-fido

DavidT: related to UX guidelines, but will have to relate one to another
... work on howto fido should be restarting very soon

* MDN updates
https://github.com/mdn/content/issues/3488

Dom: will get a first stab at writing the missing content
DavidT: progress on Browser Compat data - will fork the BCD repo to prepare the pull request; still need to figure all the right version numbers data

* Update on WebAuthn.how
https://github.com/webauthn-adoption/practical-webauthn/

Nick: Shane (based in Australia, can't join the call) will be raising issues about the current passkey implementations for lack of a better place to report it at the moment
Tim: happy to help with that too

* Update on test suite
https://github.com/webauthn-adoption/webauthn-conformance
N/A

* MOOC updates
John: framework for modules 2 & 3 done; lots of content starting to flow in. Hoping to finish module 1 to send it for review this week; we're a bit behind, but we have a lot of content

* Authenticator profiles
DavidT: e.g. microsoft requires a number of metadata for Azure
... could be rolled into profiles
... but then: who defines profiles? how do you stop proliferation?
... Yuri suggested the conformance suite could automate testing profiles
Nick: this is all based on MDS metadata, right?
DavidT: yes - simplifying the job of RP
Tony: MDS not getting lots of use
Alex: the new format might help
Tim: goal of profile is to help with buying the right keys for enterprise contexts
Nick: risk of fragmentation
DavidT: discussions happening in Security Requirements WG
Nick: would be OK with MDS providing more complex responses if needed, but in general, would not expect to ask much from MDS
DavidT: maybe a configurable test would be enough?
Tim: but that doesn't address the label / branding aspects

* Next meeting:
- July 12
- proposal: cancel meetings in August

Dom
Received on Tuesday, 29 June 2021 06:48:51 UTC