Re: Spec and issue status from Hodges, Jeff on 2016-04-27 (public-webauthn@w3.org from April 2016)

From: Hodges, Jeff <jeff.hodges@paypal.com>
Date: Wed, 27 Apr 2016 16:46:23 +0000
To: Vijay Bharadwaj <vijaybh@microsoft.com>
CC: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <D34638D3.BA9D3%jehodges@paypalcorp.com>

On 4/26/16, 11:19 PM, "Vijay Bharadwaj" <vijaybh@microsoft.com> wrote:

>I wanted to tee up a few items for discussion tomorrow regarding the
>remaining issues:
>
>·        
>We have a number of issues that should be really easy to fix. #38 and #74
>are in this bucket, as well as a number that are currently marked SPWD. I
>will do a sweep of these before Berlin, but given these are not likely to
>be as
> complex or controversial as the more substantial issues, I think it¹s
>okay to get to these next week.

agreed.


>·        
>Issue #1: I will send out a proposal tomorrow for this. I think we could
>move slightly more of the attestation structure into the authenticator
>model section,

you are referring to sections 3.8, 3.9, 3.10 ?

>thus making for a cleaner separation of concerns between browser/script
> folks and authenticator/backend folks. If that is acceptable then I
>think we should use it to close this issue out.

sounds nominally ok.

>·        
>Issue #58: Dirk spoke to Alex Russell and explained some of the nuances
>of our world. We think this discussion with TAG is going to take a bit
>longer. For now I would like to add some language clarifying the dual
>role of origins
> and rpIDs (origins are signed over and are therefore a security
>boundary, rpIDs determine who can request an assertion with a specific
>credential and are therefore a client privacy boundary), and move this
>issue to SPWD.

it would be "nice" if this discussion with "the TAG" were generally
visible...


>·        
>Issue #61: I will send out a proposal for this by end of week, as
>outlined in the issue already. Would love to get feedback on that.

ok

>·        
>Issue #60: As noted in the issue, this is potentially contradictory with
>#61. If we agree that the #61 change sounds reasonable, I would like to
>move #60 to SPWD so we can have a more thoughtful consideration of what
>the right
> path forward should be.

sure, I agree that we should take more time to work out #60.

hth,

=JeffH

Received on Wednesday, 27 April 2016 16:46:53 UTC