- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Tue, 30 Mar 2021 08:59:39 +0200
- To: public-webauthn-adoption@w3.org
Hi, Here are my notes from our meeting yesterday; next meeting back on regular schedule on April 5th (but with likely regrets from many as a bank holiday in a number of places) * Logistic Still need to figure out how to make Google Meet usable when the invitation owner isn't around * Update on WebAuthn.how https://github.com/webauthn-adoption/practical-webauthn/ Nick: Looking for assistance on JS verification of attestation - Jessie John's code is a bit out of date, we need to start handling the newer attestatations (TPM, Apple's); current plan is to use TypeScript to make it easier to read/maintain, but makes it harder to use in non-compiled environments Matthew: can you file an issue? Nick: will do! * Update on conformance test suite https://github.com/webauthn-adoption/webauthn-conformance Matt: will file issues / milestones to help give a roadmap * Naming platform authenticators https://github.com/webauthn-adoption/practical-webauthn/issues/6 [DONE] ACTION: Nick to investigate what info browser implementors have on platform authenticator [DONE] ACTION: Felix to document use research on the need to use platform name Nick: being able to get platform authenticator names is what's really at stake; looked into browser client code (webkit, gecko, blink) - they access these authenticators through HID, don't have any identifying info except the buffer used to communicate. Firefox does it this way both for roaming/platform Matthew: so this would have to be exposed by the OS? Nick: or use heuristics based on the underlying OS; in general, the goal is to guide the end user toward the authenticator Rolf: not sure if that's worth it then - it may be better to leave that to a library Matthew: if the browser doesn't have a access to it, indeed we may be better off building a shared understanding on how to handle names / UX guidance Rolf: using credential id as key to the authenticator Nick: enrollment is probably where it's most needed [...] Dom: let's document the various axes (enrollment vs verification, platform vs roaming, name vs other UX considerations, fingerprinting vs market fragmentation, browser API vs JS library) in the github issue to continue the discussion before we try to bring a case for the WG * MDN updates for WebAuthn https://lists.w3.org/Archives/Public/public-webauthn-adoption/2021Mar/0003.html https://github.com/mdn/content/issues/3488 [ONGOING] ACTION: Dom to help seed WebAuthn2 in MDN (BCD + docs) Yuri: I'm willing to help with the pull request * Documenting platform gotchas ACTION: Felix to look into gotchas they might be aware of [ongoing] ACTION: Dom to suggest a way forward on tracking platform-specific implementations considerations * WebAuthn Dev Support on StackOverflow https://lists.w3.org/Archives/Public/public-webauthn-adoption/2021Mar/0002.html [DONE] ACTION: Dom to share his research on possible coordinated efforts around WebAuthn in StackOverflow Dom: I'll set a StackOverflow notification system on our slack channel DavidT: please include CTAP-related tags (if any) * MOOC Dom: John reported off-line this is moving forward * April 5th meeting Dom: Easter Monday means many in Europe (include myself) won't be around, but let's keep that meeting to get back into our regularly scheduled rhythm Dom
Received on Tuesday, 30 March 2021 06:59:49 UTC