W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2016

Re: Extensions (was RE: [minutes] 13 May F2F)

From: J.C. Jones <jjones@mozilla.com>
Date: Mon, 23 May 2016 09:37:54 -0700
Message-ID: <CAObDDPBvQwykhvD0VETp3Qu4YS9K=vuoN2AmBSNJMjwoLdXHkg@mail.gmail.com>
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webauthn@w3.org" <public-webauthn@w3.org>
It's important to me that extensions are useful to everyone; for this
reason, I like this proposal. I believe it's going to be necessary to let
the user filter extensions, particularly as we talk about implementations
other than FIDO-standardized ones. A generic 'opaque extension' will make
for a very coarse filtering mechanism for the users, whereas having a
registry would enable clients to present more useful information.

Anyway, +1.

On Sat, May 21, 2016 at 3:20 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
wrote:

> One addendum on a discussion that happened in the room after we formally
> adjourned, involving a number of participants who were hanging around in
> the room after the meeting:
>
> There was a spirited discussion around extensions, and specifically about
> the extensions proposed in issues #97 and #98. Some implementers felt that
> asking a client platform to pass through opaque extensions was unrealistic
> since doing this may have the effect of breaking a promise that the client
> has made to the user. (For instance, passing through an opaque extension
> containing location information might break a client's promise to turn off
> location tracking.) OTOH Giri felt that such extensions would be very
> valuable in some use cases where such issues did not apply.
>
> This developed into a discussion of what the role of extensions is, and
> what purpose the pre-defined extensions serve in the specification. It was
> felt that a better approach would be:
> - Only have the spec define what an extension is, and how it should be
> defined (this is currently section 5)
> - Pull all pre-defined extensions (currently section 6) out of the spec
> - Create a registry (IANA?) where such extensions may be registered, and
> possibly seed it by registering the currently pre-defined extensions from
> section 6
> - Put a pointer in the spec to this IANA registry
>
> This proposal appeared to be generally acceptable to those present, but it
> would be valuable to get wider feedback from the list. Does anyone have
> comments or feedback on this proposal?
>
> -----Original Message-----
> From: Wendy Seltzer [mailto:wseltzer@w3.org]
> Sent: Saturday, May 14, 2016 11:00 AM
> To: public-webauthn@w3.org
> Subject: [minutes] 13 May F2F
>
> Hi Webauthn,
>
> Draft minutes from the group's F2F are posted at
> https://www.w3.org/2016/05/13-webauthn-minutes.html
>
> Some highlights:
> Vijay gave an update on the current status:
> https://www.w3.org/Webauthn/slides/WebAuthnAPIStatus-vgb.pdf
> Dirk reviewed the connection to token binding.
> Wendy reviewed the W3C process.
> Adam gave an update on testing, with work to be coordinated via
> hiptest.net and the web-platform-tests/webauthn repository Sridhar shared
> some scenarios in which webauthn would be useful.
> The group reviewed and tagged issues.
>
> Schedule:
> We're aiming to reach Recommendation by February 2017, when the group's
> charter ends. We agreed (with an ongoing CfC on the mailing list) to
> publish a First Public Working Draft from the current Editors' Draft.
> The plan:
> * May: FPWD
> * June: WD-01, a feature complete Working Draft
> * July-Aug: Further issue resolution and Wide Review;
>         additional WDs as needed
> * September (TPAC): Candidate Recommendation, features stable
> * Oct-Nov: Implementation and testing
> * December: Proposed Recommendation
> * January '17: Advisory Committee Review (4 weeks)
> * February '17: Recommendation
>
> Wide Review: after publication of the FPWD, we will circulate the draft
> and request review, including from the groups listed in our charter.
> Mike Jones will share a draft blog post.
>
> We walked through the issues list and tagged key technical questions for
> WD-01: https://github.com/w3c/webauthn/milestones
> The group agreed to publish the then-current Editors' Draft to /TR when
> all the open issues for a milestone have been resolved.
>
> Please review the minutes and note any corrections. Thanks to all who
> participated!
>
> --Wendy
> --
> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel
> and Domain Lead, World Wide Web Consortium (W3C)
> https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
>
>
>
Received on Monday, 23 May 2016 16:38:43 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:15 UTC