Re: Spec and issue status

On 4/26/16, 11:19 PM, "Vijay Bharadwaj" <> wrote:

>I wanted to tee up a few items for discussion tomorrow regarding the
>remaining issues:
>We have a number of issues that should be really easy to fix. #38 and #74
>are in this bucket, as well as a number that are currently marked SPWD. I
>will do a sweep of these before Berlin, but given these are not likely to
>be as
> complex or controversial as the more substantial issues, I think itıs
>okay to get to these next week.


>Issue #1: I will send out a proposal tomorrow for this. I think we could
>move slightly more of the attestation structure into the authenticator
>model section,

you are referring to sections 3.8, 3.9, 3.10 ?

>thus making for a cleaner separation of concerns between browser/script
> folks and authenticator/backend folks. If that is acceptable then I
>think we should use it to close this issue out.

sounds nominally ok.

>Issue #58: Dirk spoke to Alex Russell and explained some of the nuances
>of our world. We think this discussion with TAG is going to take a bit
>longer. For now I would like to add some language clarifying the dual
>role of origins
> and rpIDs (origins are signed over and are therefore a security
>boundary, rpIDs determine who can request an assertion with a specific
>credential and are therefore a client privacy boundary), and move this
>issue to SPWD.

it would be "nice" if this discussion with "the TAG" were generally

>Issue #61: I will send out a proposal for this by end of week, as
>outlined in the issue already. Would love to get feedback on that.


>Issue #60: As noted in the issue, this is potentially contradictory with
>#61. If we agree that the #61 change sounds reasonable, I would like to
>move #60 to SPWD so we can have a more thoughtful consideration of what
>the right
> path forward should be.

sure, I agree that we should take more time to work out #60.



Received on Wednesday, 27 April 2016 16:46:53 UTC