Extensions (was RE: [minutes] 13 May F2F)

One addendum on a discussion that happened in the room after we formally adjourned, involving a number of participants who were hanging around in the room after the meeting:

There was a spirited discussion around extensions, and specifically about the extensions proposed in issues #97 and #98. Some implementers felt that asking a client platform to pass through opaque extensions was unrealistic since doing this may have the effect of breaking a promise that the client has made to the user. (For instance, passing through an opaque extension containing location information might break a client's promise to turn off location tracking.) OTOH Giri felt that such extensions would be very valuable in some use cases where such issues did not apply.

This developed into a discussion of what the role of extensions is, and what purpose the pre-defined extensions serve in the specification. It was felt that a better approach would be:
- Only have the spec define what an extension is, and how it should be defined (this is currently section 5)
- Pull all pre-defined extensions (currently section 6) out of the spec
- Create a registry (IANA?) where such extensions may be registered, and possibly seed it by registering the currently pre-defined extensions from section 6
- Put a pointer in the spec to this IANA registry

This proposal appeared to be generally acceptable to those present, but it would be valuable to get wider feedback from the list. Does anyone have comments or feedback on this proposal?

-----Original Message-----
From: Wendy Seltzer [mailto:wseltzer@w3.org] 
Sent: Saturday, May 14, 2016 11:00 AM
To: public-webauthn@w3.org
Subject: [minutes] 13 May F2F

Hi Webauthn,

Draft minutes from the group's F2F are posted at  https://www.w3.org/2016/05/13-webauthn-minutes.html


Some highlights:
Vijay gave an update on the current status:
https://www.w3.org/Webauthn/slides/WebAuthnAPIStatus-vgb.pdf

Dirk reviewed the connection to token binding.
Wendy reviewed the W3C process.
Adam gave an update on testing, with work to be coordinated via hiptest.net and the web-platform-tests/webauthn repository Sridhar shared some scenarios in which webauthn would be useful.
The group reviewed and tagged issues.

Schedule:
We're aiming to reach Recommendation by February 2017, when the group's charter ends. We agreed (with an ongoing CfC on the mailing list) to publish a First Public Working Draft from the current Editors' Draft.
The plan:
* May: FPWD
* June: WD-01, a feature complete Working Draft
* July-Aug: Further issue resolution and Wide Review;
 additional WDs as needed
* September (TPAC): Candidate Recommendation, features stable
* Oct-Nov: Implementation and testing
* December: Proposed Recommendation
* January '17: Advisory Committee Review (4 weeks)
* February '17: Recommendation

Wide Review: after publication of the FPWD, we will circulate the draft and request review, including from the groups listed in our charter.
Mike Jones will share a draft blog post.

We walked through the issues list and tagged key technical questions for
WD-01: https://github.com/w3c/webauthn/milestones

The group agreed to publish the then-current Editors' Draft to /TR when all the open issues for a milestone have been resolved.

Please review the minutes and note any corrections. Thanks to all who participated!

--Wendy
--
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)

Received on Saturday, 21 May 2016 22:21:38 UTC