11/02/2016 W3C Web Authentication WG Agenda
11/09/2016 W3C Web Authentication WG Agenda
11/23/2016 W3C WebAuthentication WG Agenda
11/30/2016 W3C Web Authentication WG Agenda
[w3c/webauthn]
- GitHub (Wednesday, 30 November)
- GitHub (Wednesday, 9 November)
- GitHub (Wednesday, 9 November)
[w3c/webauthn] 0049e1: Built by Travis-CI: a5e28e82c5e37b21ed5f29c44ac4e5...
[w3c/webauthn] 0281c7: use Vijay's examples
- GitHub (Wednesday, 9 November)
[w3c/webauthn] 26f20b: put back vijay's suggestion that got dropped
- GitHub (Wednesday, 16 November)
[w3c/webauthn] 276018: attestation statement definition
[w3c/webauthn] 2791e1: Built by Travis-CI: f891d0cb3a756d0cc4c97259301b62...
- GitHub (Wednesday, 30 November)
[w3c/webauthn] 2ca56e: addressing comments from issue peanut gallery :)
- GitHub (Wednesday, 2 November)
[w3c/webauthn] 2d6a7a: Adding fido appid extension (#229)
- GitHub (Wednesday, 9 November)
[w3c/webauthn] 2f723d: Jeffh editorial cleanups 2 (#236)
[w3c/webauthn] 3f91a6: fixup sample-authn example step 9. fixes #234
- GitHub (Wednesday, 30 November)
[w3c/webauthn] 558837: Adds authenticator attachement to credential optio...
- GitHub (Wednesday, 2 November)
[w3c/webauthn] 5a2dc5: section verification of WebAuthnAssertion added. S...
[w3c/webauthn] 5f9172: tag Navigator w/ <a>
- GitHub (Wednesday, 30 November)
- GitHub (Wednesday, 9 November)
- GitHub (Wednesday, 9 November)
[w3c/webauthn] 700775: typo fix
- GitHub (Wednesday, 2 November)
[w3c/webauthn] 8fac8d: properly ref 'normalize an algorithm' fixes #262; ...
- GitHub (Wednesday, 30 November)
[w3c/webauthn] 92fe6c: fix not-properly-closed <div>
[w3c/webauthn] 931199: add @bzbarsky to acks
- GitHub (Wednesday, 30 November)
[w3c/webauthn] a5e28e: point at github milestones
[w3c/webauthn] ad12bd: remove ScopedCredentialInfo.publicKey; use credent...
- GitHub (Wednesday, 30 November)
[w3c/webauthn] d1f5af: address vijay's comments
- GitHub (Wednesday, 2 November)
[w3c/webauthn] f54fd0: Built by Travis-CI: 7c59dd38730d46db68d4a4fb1d48c9...
- GitHub (Wednesday, 9 November)
[w3c/webauthn] fb4f3e: Adds authenticator attachement to credential optio...
- GitHub (Wednesday, 16 November)
[webauthn] "an Relying Party" should be "a Relying Party"
[webauthn] "authentication" attribute on Navigator should be [SecureContext]
[webauthn] "excludeList" should probably be "the excludeList member of _options_" in makeCredential
[webauthn] "If extensions was specified" should instead use the "present" terminology
[webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
[webauthn] "might be present on this authenticator" could use a clearer definition
[webauthn] "relaxing the same-origin restriction"
[webauthn] _rpId_ generation allows more relaxation of same-origin restrictions than document.domain does
[webauthn] Add notion of internal/external to options
[webauthn] Add section describing verification of a WebAuthnAssertion
[webauthn] Adding u2f appid extension
[webauthn] Adds authenticator attachement to credential options
[webauthn] also cite the other extant TLS channel binding mechanisms?
[webauthn] AssertionOptions and ScopedCredentialOptions could both inherit from a dictionary which has their shared members
[webauthn] Authenticator selection extension needs to define snapshotting behavior
[webauthn] authenticatorCancel seems like it can cancel too much
[webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee
[webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
[webauthn] certifyinfo needs to be specified
[webauthn] Clarify how a user can authenticate from multiple devices
[webauthn] Clarify how AAGUID is generated to avoid collisions
[webauthn] Clarify uses of ClientData
[webauthn] Creation of ScopedCredentialInfo in makeCredential should probably be more explicit
[webauthn] Creation of WebAuthnAssertion in getAssertion should probably be more explicit
[webauthn] Credential ID not signed
[webauthn] Description of ScopedCredentialInfo.credential seems odd
[webauthn] Do we need "Algorithm Usage Location(s)" and "JOSE Implementation Requirements" in the IANA Considerations section?
[webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?
[webauthn] Enforce strict same-origin policy on rpId
[webauthn] Exception handling in cryptoParameters processing needs to be clarified
[webauthn] excludeList can be defaulted to a zero-length sequence in IDL instead of prose
[webauthn] excludeList/allowList can be defaulted to a zero-length sequence in IDL instead of prose
[webauthn] explicitly denote RSA signature scheme
[webauthn] getAssertion needs to not go async before making a copy of the assertionChallenge
[webauthn] Grammar of makeCredential step 1 is a bit odd
[webauthn] I don't understand how to create a ClientData in makeCredential
[webauthn] Is _rpId_ supposed to look like an origin serialization, or like a hostname?
[webauthn] Is there a reason "WebAuthnAssertion" is not "WebAuthenticationAssertion"?
[webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
[webauthn] Jeffh editorial cleanups 3
[webauthn] Link to WebCrypto API is stale
[webauthn] Move `allowList` from optional to default on `getAssertion`
[webauthn] Move {#sample-scenarios} (currently Section 10) to the top of the doc
[webauthn] Moving callers from U2F to WebAuthn
[webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter
[webauthn] new commits pushed by equalsJeffH
[webauthn] new commits pushed by leshi
[webauthn] new commits pushed by rlin1
[webauthn] new commits pushed by samweiler
[webauthn] new commits pushed by vijaybh
[webauthn] new commits pushed by WebAuthnBot
[webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them
[webauthn] Please ensure that all ArrayBuffer creations are done explicitly, in the correct global
[webauthn] Processing model for extensions is very underdefined
[webauthn] Refine meaning of ScopedCredentialType to be "signature & assertion format (and version thereof)"
[webauthn] remove id requirement in ScopedCredentialDescriptor
[webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
[webauthn] Scoped credentials represent a relationship between user and RP
[webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async
[webauthn] section verification of WebAuthnAssertion added. See #102
[webauthn] Setting _rpId_ to _callerOrigin_ doesn't make sense
[webauthn] Should attestationChallenge be snapshotted in makeCredential, or used before going async?
[webauthn] should authenticator layer send hashed or unhashed rpId to authenticators?
[webauthn] Should the "authentication" attribute on Navigator be [SameObject]?
[webauthn] Simplifying attestation, take two
[webauthn] Spec should not mandate behavior of server
[webauthn] TAG review feedback: Align Credential interface with Credential Management?
[webauthn] The concept "empty" is not really defined for IDL sequences
[webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
[webauthn] There is no "current settings object" in algorithm steps that are executing in parallel
[webauthn] Throw "NotFoundError" when internal authenticator is not available or not found
[webauthn] Timeouts should be in ms not seconds
[webauthn] Update attestation format identifiers in registry to match spec
[webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]
[webauthn] WebCryptoAPI's "normalizing an algorithm" cannot be done as part of async steps
[webauthn] What does "If normalizedAlgorithm is empty" mean?
[webauthn] What does "which has no other operations in progress" mean in practice?
[webauthn] What does it mean to "get assertions" in getAssertion step 7?
[webauthn] What does normalizedParameters actually contain in makeCredential?
[webauthn] What ensures any semblance of interop for WebAuthnExtensions?
[webauthn] When talking about "normalizing an algorithm", please just link to it
[webauthn] Which of the attestation format interfaces are expected to be exposed in UAs?
[webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?
[webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?
[webauthn] Why is the only value of ScopedCredentialType "ScopedCred" as opposed to "ScopedCredential"?
Android Key Attestation is "Self Attestation" ?
Boris: Thanks for..
bridge for today's WebAuthn call
Closed: [webauthn] "an Relying Party" should be "a Relying Party"
Closed: [webauthn] "relaxing the same-origin restriction"
Closed: [webauthn] also cite the other extant TLS channel binding mechanisms?
Closed: [webauthn] Clarify how AAGUID is generated to avoid collisions
Closed: [webauthn] Grammar of makeCredential/getAssertion step 1 is a bit odd
Closed: [webauthn] Moving callers from U2F to WebAuthn
Closed: [webauthn] Scoped credentials represent a relationship between user and RP
Fwd: Intent to Implement: Web Authentication API for Chrome
FYI: Intent to implement and ship: Web Authentication
referencing W3C or WhatWG specs (was: [webauthn] new commits pushed by equalsJeffH
Regrets for today's call
suggested issues to close (was: 11/30/2016 W3C Web Authentication WG Agenda
Last message date: Wednesday, 30 November 2016 23:54:42 UTC