- From: J.C. Jones <jjones@mozilla.com>
- Date: Mon, 23 May 2016 09:37:54 -0700
- To: Vijay Bharadwaj <vijaybh@microsoft.com>
- Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webauthn@w3.org" <public-webauthn@w3.org>
- Message-ID: <CAObDDPBvQwykhvD0VETp3Qu4YS9K=vuoN2AmBSNJMjwoLdXHkg@mail.gmail.com>
It's important to me that extensions are useful to everyone; for this reason, I like this proposal. I believe it's going to be necessary to let the user filter extensions, particularly as we talk about implementations other than FIDO-standardized ones. A generic 'opaque extension' will make for a very coarse filtering mechanism for the users, whereas having a registry would enable clients to present more useful information. Anyway, +1. On Sat, May 21, 2016 at 3:20 PM, Vijay Bharadwaj <vijaybh@microsoft.com> wrote: > One addendum on a discussion that happened in the room after we formally > adjourned, involving a number of participants who were hanging around in > the room after the meeting: > > There was a spirited discussion around extensions, and specifically about > the extensions proposed in issues #97 and #98. Some implementers felt that > asking a client platform to pass through opaque extensions was unrealistic > since doing this may have the effect of breaking a promise that the client > has made to the user. (For instance, passing through an opaque extension > containing location information might break a client's promise to turn off > location tracking.) OTOH Giri felt that such extensions would be very > valuable in some use cases where such issues did not apply. > > This developed into a discussion of what the role of extensions is, and > what purpose the pre-defined extensions serve in the specification. It was > felt that a better approach would be: > - Only have the spec define what an extension is, and how it should be > defined (this is currently section 5) > - Pull all pre-defined extensions (currently section 6) out of the spec > - Create a registry (IANA?) where such extensions may be registered, and > possibly seed it by registering the currently pre-defined extensions from > section 6 > - Put a pointer in the spec to this IANA registry > > This proposal appeared to be generally acceptable to those present, but it > would be valuable to get wider feedback from the list. Does anyone have > comments or feedback on this proposal? > > -----Original Message----- > From: Wendy Seltzer [mailto:wseltzer@w3.org] > Sent: Saturday, May 14, 2016 11:00 AM > To: public-webauthn@w3.org > Subject: [minutes] 13 May F2F > > Hi Webauthn, > > Draft minutes from the group's F2F are posted at > https://www.w3.org/2016/05/13-webauthn-minutes.html > > Some highlights: > Vijay gave an update on the current status: > https://www.w3.org/Webauthn/slides/WebAuthnAPIStatus-vgb.pdf > Dirk reviewed the connection to token binding. > Wendy reviewed the W3C process. > Adam gave an update on testing, with work to be coordinated via > hiptest.net and the web-platform-tests/webauthn repository Sridhar shared > some scenarios in which webauthn would be useful. > The group reviewed and tagged issues. > > Schedule: > We're aiming to reach Recommendation by February 2017, when the group's > charter ends. We agreed (with an ongoing CfC on the mailing list) to > publish a First Public Working Draft from the current Editors' Draft. > The plan: > * May: FPWD > * June: WD-01, a feature complete Working Draft > * July-Aug: Further issue resolution and Wide Review; > additional WDs as needed > * September (TPAC): Candidate Recommendation, features stable > * Oct-Nov: Implementation and testing > * December: Proposed Recommendation > * January '17: Advisory Committee Review (4 weeks) > * February '17: Recommendation > > Wide Review: after publication of the FPWD, we will circulate the draft > and request review, including from the groups listed in our charter. > Mike Jones will share a draft blog post. > > We walked through the issues list and tagged key technical questions for > WD-01: https://github.com/w3c/webauthn/milestones > The group agreed to publish the then-current Editors' Draft to /TR when > all the open issues for a milestone have been resolved. > > Please review the minutes and note any corrections. Thanks to all who > participated! > > --Wendy > -- > Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Policy Counsel > and Domain Lead, World Wide Web Consortium (W3C) > https://wendy.seltzer.org/ +1.617.863.0613 (mobile) > > >
Received on Monday, 23 May 2016 16:38:43 UTC