Re: Extensions (was RE: [minutes] 13 May F2F)

Makes sense to me too -- certainly more flexible and open than revving the
WebAuthn spec for each new extension.

I would like to socialize this at FIDO since it also impacts specs that are
adjacent to WebAuthn (such as CTAP). Can I have a few weeks before we call
it consensus?

Thanks,
Adam

On May 23, 2016 at 9:37:54 AM, J.C. Jones (jjones@mozilla.com) wrote:

> It's important to me that extensions are useful to everyone; for this
> reason, I like this proposal. I believe it's going to be necessary to let
> the user filter extensions, particularly as we talk about implementations
> other than FIDO-standardized ones. A generic 'opaque extension' will make
> for a very coarse filtering mechanism for the users, whereas having a
> registry would enable clients to present more useful information.
>
> Anyway, +1.
>
> On Sat, May 21, 2016 at 3:20 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
> wrote:
>
>> One addendum on a discussion that happened in the room after we formally
>> adjourned, involving a number of participants who were hanging around in
>> the room after the meeting:
>>
>> There was a spirited discussion around extensions, and specifically about
>> the extensions proposed in issues #97 and #98. Some implementers felt that
>> asking a client platform to pass through opaque extensions was unrealistic
>> since doing this may have the effect of breaking a promise that the client
>> has made to the user. (For instance, passing through an opaque extension
>> containing location information might break a client's promise to turn off
>> location tracking.) OTOH Giri felt that such extensions would be very
>> valuable in some use cases where such issues did not apply.
>>
>> This developed into a discussion of what the role of extensions is, and
>> what purpose the pre-defined extensions serve in the specification. It was
>> felt that a better approach would be:
>> - Only have the spec define what an extension is, and how it should be
>> defined (this is currently section 5)
>> - Pull all pre-defined extensions (currently section 6) out of the spec
>> - Create a registry (IANA?) where such extensions may be registered, and
>> possibly seed it by registering the currently pre-defined extensions from
>> section 6
>> - Put a pointer in the spec to this IANA registry
>>
>> This proposal appeared to be generally acceptable to those present, but
>> it would be valuable to get wider feedback from the list. Does anyone have
>> comments or feedback on this proposal?
>>
>> -----Original Message-----
>> From: Wendy Seltzer [mailto:wseltzer@w3.org]
>> Sent: Saturday, May 14, 2016 11:00 AM
>> To: public-webauthn@w3.org
>> Subject: [minutes] 13 May F2F
>>
>> Hi Webauthn,
>>
>> Draft minutes from the group's F2F are posted at
>> https://www.w3.org/2016/05/13-webauthn-minutes.html
>>
>> Some highlights:
>> Vijay gave an update on the current status:
>> https://www.w3.org/Webauthn/slides/WebAuthnAPIStatus-vgb.pdf
>> Dirk reviewed the connection to token binding.
>> Wendy reviewed the W3C process.
>> Adam gave an update on testing, with work to be coordinated via
>> hiptest.net and the web-platform-tests/webauthn repository.
>> Sridhar shared some scenarios in which webauthn would be useful.
>> The group reviewed and tagged issues.
>>
>> Schedule:
>> We're aiming to reach Recommendation by February 2017, when the group's
>> charter ends. We agreed (with an ongoing CfC on the mailing list) to
>> publish a First Public Working Draft from the current Editors' Draft.
>> The plan:
>> * May: FPWD
>> * June: WD-01, a feature complete Working Draft
>> * July-Aug: Further issue resolution and Wide Review;
>>         additional WDs as needed
>> * September (TPAC): Candidate Recommendation, features stable
>> * Oct-Nov: Implementation and testing
>> * December: Proposed Recommendation
>> * January '17: Advisory Committee Review (4 weeks)
>> * February '17: Recommendation
>>
>> Wide Review: after publication of the FPWD, we will circulate the draft
>> and request review, including from the groups listed in our charter.
>> Mike Jones will share a draft blog post.
>>
>> We walked through the issues list and tagged key technical questions for
>> WD-01: https://github.com/w3c/webauthn/milestones
>> The group agreed to publish the then-current Editors' Draft to /TR when
>> all the open issues for a milestone have been resolved.
>>
>> Please review the minutes and note any corrections. Thanks to all who
>> participated!
>>
>> --Wendy
>> --
>> Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
>> Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
>> https://wendy.seltzer.org/        +1.617.863.0613 (mobile)

Received on Monday, 23 May 2016 17:14:29 UTC