- From: Hodges, Jeff <jeff.hodges@paypal.com>
- Date: Wed, 27 Apr 2016 16:46:23 +0000
- To: Vijay Bharadwaj <vijaybh@microsoft.com>
- CC: W3C WebAuthn WG <public-webauthn@w3.org>
On 4/26/16, 11:19 PM, "Vijay Bharadwaj" <vijaybh@microsoft.com> wrote: >I wanted to tee up a few items for discussion tomorrow regarding the >remaining issues: > >· >We have a number of issues that should be really easy to fix. #38 and #74 >are in this bucket, as well as a number that are currently marked SPWD. I >will do a sweep of these before Berlin, but given these are not likely to >be as > complex or controversial as the more substantial issues, I think itıs >okay to get to these next week. agreed. >· >Issue #1: I will send out a proposal tomorrow for this. I think we could >move slightly more of the attestation structure into the authenticator >model section, you are referring to sections 3.8, 3.9, 3.10 ? >thus making for a cleaner separation of concerns between browser/script > folks and authenticator/backend folks. If that is acceptable then I >think we should use it to close this issue out. sounds nominally ok. >· >Issue #58: Dirk spoke to Alex Russell and explained some of the nuances >of our world. We think this discussion with TAG is going to take a bit >longer. For now I would like to add some language clarifying the dual >role of origins > and rpIDs (origins are signed over and are therefore a security >boundary, rpIDs determine who can request an assertion with a specific >credential and are therefore a client privacy boundary), and move this >issue to SPWD. it would be "nice" if this discussion with "the TAG" were generally visible... >· >Issue #61: I will send out a proposal for this by end of week, as >outlined in the issue already. Would love to get feedback on that. ok >· >Issue #60: As noted in the issue, this is potentially contradictory with >#61. If we agree that the #61 change sounds reasonable, I would like to >move #60 to SPWD so we can have a more thoughtful consideration of what >the right > path forward should be. sure, I agree that we should take more time to work out #60. hth, =JeffH
Received on Wednesday, 27 April 2016 16:46:53 UTC