public-webauthn@w3.org from April 2017 by subject

"priority:implementation" issues, and PRs left for WD-05

• =JeffH (Wednesday, 19 April)

04/05/2017 W3C Web Authentication WG Meeting Agenda

• Vijay Bharadwaj (Wednesday, 5 April)
• Anthony Nadalin (Tuesday, 4 April)

04/12/2017 W3C Web Authentication WG Meeting Agenda

• Anthony Nadalin (Tuesday, 11 April)

04/14/2017 W3C Web Authentication WG Agenda

• Anthony Nadalin (Thursday, 13 April)

04/19/2017 W3C Web Authentication WG Meeting Agenda

• Anthony Nadalin (Tuesday, 18 April)

04/26/2017 W3C Web Authentication WG Meeting Agenda

• Anthony Nadalin (Tuesday, 25 April)

[w3c/webauthn]

• GitHub (Monday, 17 April)
• GitHub (Monday, 17 April)

[w3c/webauthn] 0154cb: replaced DAA root key by daaKeyId. Added proper r...

• GitHub (Wednesday, 19 April)

[w3c/webauthn] 09c1ea: Built by Travis-CI: 333b8aad131f7f0d437e304eecfa12...

• GitHub (Sunday, 23 April)

[w3c/webauthn] 1fd6ae: repair fig 3 - fix #401

• GitHub (Tuesday, 25 April)

[w3c/webauthn] 22913b: first draft of uaf attestation statement format

• GitHub (Tuesday, 4 April)

[w3c/webauthn] 2c7ba2: Built by Travis-CI: 5dedfde4c1e8ea8dff382fbf958479...

• GitHub (Thursday, 27 April)

[w3c/webauthn] 2cccb3: Built by Travis-CI: 66c6224cbb287bd6cc4236c2e004dd...

• GitHub (Wednesday, 19 April)

[w3c/webauthn] 2d10a1: Introduce authenticator response interfaces.

• GitHub (Friday, 14 April)

[w3c/webauthn] 3311f8: corrected image (DAA--> ECDAA etc.)

• GitHub (Thursday, 6 April)

[w3c/webauthn] 333b8a: Fix issue #418 - What extension data is in Authent...

• GitHub (Sunday, 23 April)

[w3c/webauthn] 34e083: Correct omissions that failed to send authenticato...

• GitHub (Thursday, 27 April)

[w3c/webauthn] 371886: Built by Travis-CI: 8eb7b5c7323312a2f49bab4aec04c0...

• GitHub (Friday, 21 April)

[w3c/webauthn] 37e612: Remove one line

• GitHub (Monday, 24 April)

[w3c/webauthn] 3b5138: Tiny typo in 'ScopedCredentialDesciptor'.

• GitHub (Wednesday, 19 April)

[w3c/webauthn] 4fad3e: Convert `makeCredential()`'s parameters into a dic...

• GitHub (Friday, 14 April)

[w3c/webauthn] 5535f4: incorp jyasskin suggestion. improves #387

• GitHub (Wednesday, 26 April)

[w3c/webauthn] 565096: corrected signing and verification procedure for U...

• GitHub (Thursday, 6 April)

[w3c/webauthn] 5a0a88: Built by Travis-CI: c22e2ab8350c8ed2b94b9d158e2c0e...

• GitHub (Friday, 14 April)

[w3c/webauthn] 669221: Add a link to web-platform-tests to the top of the...

• GitHub (Saturday, 29 April)

[w3c/webauthn] 6d873d: Add displayName for the user account (#423)

• GitHub (Friday, 28 April)

[w3c/webauthn] 6f2f11: Renamed timeoutSeconds to timeoutMilliseconds as s...

• GitHub (Tuesday, 25 April)
• GitHub (Monday, 24 April)

[w3c/webauthn] 76a716: address empty allowlist in 'use existing cred' alg...

• GitHub (Wednesday, 26 April)

[w3c/webauthn] 883c6f: Built by Travis-CI: 6d873d597fae3a595039bdfb070e29...

• GitHub (Friday, 28 April)

[w3c/webauthn] 8eb7b5: Separated proposed changes to extension semantics ...

• GitHub (Friday, 21 April)
• GitHub (Friday, 21 April)

[w3c/webauthn] 91fe1a: Merged master

• GitHub (Tuesday, 25 April)

[w3c/webauthn] 93448b: Built by Travis-CI: 55cd330c436202a92c575d4b28db11...

• GitHub (Monday, 24 April)

[w3c/webauthn] a1e74d: Update according to comment

• GitHub (Monday, 24 April)

[w3c/webauthn] a3bae0: Updated PR based on Jeffrey comment

• GitHub (Friday, 21 April)

[w3c/webauthn] a9da99: Move `getAssertion()`'s `challenge` into `Assertio...

• GitHub (Friday, 14 April)

[w3c/webauthn] ad8e59: Built by Travis-CI: b4009d4dbc3fa47aa588b11915af23...

• GitHub (Saturday, 29 April)

[w3c/webauthn] b1bd6c: first draft of new credential type ScopedCred_FIDO...

• GitHub (Tuesday, 4 April)

[w3c/webauthn] c21268: more surgery hopefully improving #387

• GitHub (Friday, 28 April)

[w3c/webauthn] d2ea8e: Merge PR 384 and remove RK bit

• GitHub (Wednesday, 19 April)

[w3c/webauthn] e1ffe6: surgery w/hammer, saw, torch on prior attempt to i...

• GitHub (Wednesday, 26 April)

[w3c/webauthn] e5f424: Remove unnecessary blank

• GitHub (Wednesday, 19 April)

[w3c/webauthn] e6608d: Built by Travis-CI: 275a5522be02b102a895964ee99692...

• GitHub (Friday, 14 April)

[w3c/webauthn] f84ba9: Built by Travis-CI: f99d7181e7f56d371bcb506f48295b...

• GitHub (Saturday, 29 April)

[w3c/webauthn] f99d71: Throw NotFoundError when no authenticator is avail...

• GitHub (Saturday, 29 April)

[w3c/webauthn] fba8ac: Remove unnecessary whitespace

• GitHub (Wednesday, 19 April)

[webauthn] "authentication" attribute on Navigator should be [SecureContext]

• Mike West via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] "Authenticator argument" vs. "authenticator data value" in Extensions section

• Mike Jones via GitHub (Friday, 21 April)

[webauthn] "credential ID" not signed over by authenticatorGetAssertion operation

• =JeffH via GitHub (Friday, 7 April)

[webauthn] "NotAllowedError" is in WebIDL editors draft but not in WebIDL Level 1

• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] "rp" isn't a widely enough known acronym?, should be relyingParty instead?

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] "ScopedCred" enum should be "scoped-cred"

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] 3rd approach: Add authenticator selection dictionary to create with attachment

• Mike Jones via GitHub (Saturday, 29 April)

[webauthn] [PR 384] Does requireUserMediation() make sense after merge

• Jeffrey Yasskin via GitHub (Friday, 14 April)
• Alexei Czeskis via GitHub (Friday, 14 April)

[webauthn] _rpId_ generation allows more relaxation of same-origin restrictions than document.domain does

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Account information merge

• =JeffH via GitHub (Friday, 28 April)
• Mike Jones via GitHub (Tuesday, 25 April)
• Mike Jones via GitHub (Monday, 24 April)
• Alexei Czeskis via GitHub (Monday, 24 April)
• =JeffH via GitHub (Monday, 24 April)
• Mike West via GitHub (Monday, 24 April)
• Mike Jones via GitHub (Monday, 24 April)
• =JeffH via GitHub (Monday, 24 April)
• Mike West via GitHub (Monday, 24 April)
• =JeffH via GitHub (Saturday, 22 April)
• Alexei Czeskis via GitHub (Thursday, 20 April)
• Angelo Liao via GitHub (Thursday, 20 April)
• Alexei Czeskis via GitHub (Thursday, 20 April)

[webauthn] Add "willMakeCredentialWorkWithTheseConstraints()" method to the API

• Vijay Bharadwaj via GitHub (Wednesday, 12 April)
• Mike West via GitHub (Wednesday, 12 April)
• Vijay Bharadwaj via GitHub (Tuesday, 11 April)
• Mike West via GitHub (Tuesday, 11 April)

[webauthn] Add a link to web-platform-tests to the top of the spec

• Mike Jones via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Wednesday, 26 April)

[webauthn] Add cloud transport option to transport hint

• Angelo Liao via GitHub (Thursday, 6 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Add explanation of why the account argument is useful

• J.C. Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Add gesture verification parameter to option in both makeC and getA

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Add getAuthenticatorInfo to the Authenticator Model section

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Add isPlatformAuthenticatorReady function to the API surface

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Add Test of User Identity (TUI) bit to authenticator data

• Angelo Liao via GitHub (Thursday, 20 April)
• Jeffrey Yasskin via GitHub (Thursday, 20 April)
• =JeffH via GitHub (Thursday, 20 April)
• =JeffH via GitHub (Thursday, 20 April)
• Angelo Liao (Thursday, 20 April)
• Jakob Ehrensvärd (Thursday, 20 April)
• Jeffrey Yasskin via GitHub (Thursday, 20 April)
• Angelo Liao via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Wednesday, 19 April)
• Alexei Czeskis via GitHub (Wednesday, 19 April)

[webauthn] Add User Verification (UV) bit to authenticator data

• Angelo Liao via GitHub (Monday, 24 April)
• Mike Jones via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Monday, 24 April)
• Mike Jones via GitHub (Sunday, 23 April)
• =JeffH via GitHub (Sunday, 23 April)

[webauthn] address empty allowlist in 'use existing cred' alg, fixes #387

• =JeffH via GitHub (Sunday, 30 April)
• Mike Jones via GitHub (Saturday, 29 April)
• Jeffrey Yasskin via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• Mike Jones via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Wednesday, 26 April)

[webauthn] adopt definition list markdown notation for <div dfn-type="foo" dfn-for="bar"> blocks

• =JeffH via GitHub (Friday, 14 April)

[webauthn] AssertionOptions and ScopedCredentialOptions could both inherit from a dictionary which has their shared members

• Mike Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] attachment is only explicitly used in create()

• =JeffH via GitHub (Friday, 21 April)
• =JeffH via GitHub (Friday, 21 April)

[webauthn] attObj and Figure 3 [[#fig-attStructs]] do not agree

• Mike Jones via GitHub (Saturday, 29 April)
• =JeffH via GitHub (Tuesday, 25 April)
• Vijay Bharadwaj via GitHub (Friday, 14 April)
• =JeffH via GitHub (Thursday, 13 April)

[webauthn] authenticator taxonomy

• =JeffH via GitHub (Tuesday, 25 April)
• =JeffH via GitHub (Saturday, 22 April)
• =JeffH via GitHub (Saturday, 22 April)

[webauthn] authenticatorCancel seems like it can cancel too much

• Boris Zbarsky via GitHub (Thursday, 6 April)
• kpaulh via GitHub (Thursday, 6 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• Boris Zbarsky via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Clarify how a user can authenticate from multiple devices

• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] clarify normality of authenticator model - is it actually authenticator API ?

• Mike Jones via GitHub (Wednesday, 5 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Clarify what is a proprietary attestation format and whether it should be designated by a prefix

• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] cleanup: attestation object `attObj` format not clearly delineated

• =JeffH via GitHub (Friday, 21 April)
• =JeffH via GitHub (Friday, 7 April)
• =JeffH via GitHub (Friday, 7 April)

[webauthn] Client arguments should be specified with "partial dictionary AuthenticationExtensions"

• Jeffrey Yasskin via GitHub (Saturday, 29 April)
• Jeffrey Yasskin via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Consider empty allowLists

• Vijay Bharadwaj via GitHub (Friday, 14 April)
• Jeffrey Yasskin via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Consider using USVString instead of DOMString sometimes

• Mike Jones via GitHub (Wednesday, 5 April)
• Domenic Denicola via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Convert `makeCredential()`'s parameters into a dictionary.

• =JeffH via GitHub (Friday, 14 April)
• Mike West via GitHub (Friday, 14 April)
• Mike West via GitHub (Wednesday, 12 April)

[webauthn] Correct uses of "JSON string" versus "DOMString" and other string terminology usage

• Mike Jones via GitHub (Friday, 21 April)

[webauthn] Credential CBOR

• Mike Jones via GitHub (Sunday, 2 April)

[webauthn] daaKey format? (ECPointToB -> ECPoint2ToB)

• sjparkRaon via GitHub (Thursday, 13 April)

[webauthn] Define extension client processing more carefully.

• Jeffrey Yasskin via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Friday, 21 April)

[webauthn] Define what happens when the Document loses focus

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] define what to do if both normalizedAlgorithm and cryptoParameters are empty

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] detail-level issues in signature format, attestation format(s), attestation statement

• Mike Jones via GitHub (Wednesday, 5 April)
• Rolf Lindemann via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] do not totally lose the term "WebAuthn Relying Party"

• =JeffH via GitHub (Friday, 7 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] DOMString[] should be FrozenArray<DOMString>

• =JeffH via GitHub (Thursday, 6 April)
• Domenic Denicola via GitHub (Thursday, 6 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• Angelo Liao via GitHub (Wednesday, 5 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• Domenic Denicola via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Drop UAF references in favor of better explanation

• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Eliminate duplicate terminology

• Angelo Liao via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• =JeffH via GitHub (Tuesday, 4 April)

[webauthn] Enable RP to choose authenticators based on key storage capability

• =JeffH via GitHub (Monday, 24 April)
• =JeffH via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] excludeList and allowList should be excludeCredentials and allowCredentials

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] explain challenge's security importance and use in both registration and authentication operations

• =JeffH via GitHub (Wednesday, 19 April)
• Mike West via GitHub (Wednesday, 19 April)
• Vijay Bharadwaj via GitHub (Wednesday, 19 April)
• Mike West via GitHub (Tuesday, 18 April)
• Angelo Liao via GitHub (Tuesday, 18 April)
• =JeffH via GitHub (Tuesday, 18 April)
• Mike West via GitHub (Saturday, 15 April)
• =JeffH via GitHub (Friday, 14 April)
• Jeffrey Yasskin via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)
• Jeffrey Yasskin via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)

[webauthn] Expose standard authenticator fields in JS objects, vs. binary

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Fetch intergration for WebAuthn API

• Jeffrey Yasskin via GitHub (Wednesday, 5 April)
• Angelo Liao via GitHub (Wednesday, 5 April)
• Mike West via GitHub (Wednesday, 5 April)
• Jeffrey Yasskin via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Filter makeCredential() by acceptable trust anchors

• Jeffrey Yasskin via GitHub (Wednesday, 12 April)

[webauthn] follow Bluetooth and NFC brand usage guidance

• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] hashAlg -> hashAlgorithm?

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] How to unmarshal in TPM Structure.

• Vijay Bharadwaj via GitHub (Friday, 14 April)
• sjparkRaon via GitHub (Thursday, 13 April)

[webauthn] Internationalization self review

• Mike Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Introduce authenticator response interfaces.

• =JeffH via GitHub (Friday, 14 April)
• Mike West via GitHub (Friday, 14 April)
• J.C. Jones via GitHub (Friday, 14 April)
• J.C. Jones via GitHub (Wednesday, 12 April)
• Angelo Liao via GitHub (Wednesday, 12 April)
• Mike West via GitHub (Wednesday, 12 April)

[webauthn] Is _rpId_ supposed to look like an origin serialization, or like a hostname?

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] leverage "credential source" term from credential management spec

• =JeffH via GitHub (Thursday, 27 April)
• Jeffrey Yasskin via GitHub (Thursday, 27 April)
• =JeffH via GitHub (Thursday, 27 April)

[webauthn] makeCredential should be more precise than NotAllowedError in its last step

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Move `getAssertion()`'s `challenge` into `AssertionOptions`

• =JeffH via GitHub (Friday, 14 April)
• Mike West via GitHub (Friday, 14 April)
• =JeffH via GitHub (Thursday, 13 April)
• =JeffH via GitHub (Wednesday, 12 April)
• Mike West via GitHub (Wednesday, 12 April)
• Mike West via GitHub (Wednesday, 12 April)
• Mike West via GitHub (Wednesday, 12 April)

[webauthn] new commits pushed by AngeloKai

• Angelo Liao via GitHub (Tuesday, 25 April)
• Angelo Liao via GitHub (Tuesday, 25 April)
• Angelo Liao via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Friday, 21 April)
• Angelo Liao via GitHub (Wednesday, 19 April)
• Angelo Liao via GitHub (Wednesday, 19 April)
• Angelo Liao via GitHub (Wednesday, 19 April)
• Angelo Liao via GitHub (Wednesday, 19 April)

[webauthn] new commits pushed by equalsJeffH

• =JeffH via GitHub (Saturday, 29 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Tuesday, 25 April)
• =JeffH via GitHub (Sunday, 23 April)
• =JeffH via GitHub (Friday, 21 April)
• =JeffH via GitHub (Friday, 21 April)
• =JeffH via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)

[webauthn] new commits pushed by rlin1

• Rolf Lindemann via GitHub (Thursday, 6 April)
• Rolf Lindemann via GitHub (Thursday, 6 April)
• Rolf Lindemann via GitHub (Tuesday, 4 April)
• Rolf Lindemann via GitHub (Tuesday, 4 April)

[webauthn] new commits pushed by selfissued

• Mike Jones via GitHub (Saturday, 29 April)
• Mike Jones via GitHub (Thursday, 27 April)

[webauthn] new commits pushed by vijaybh

• Vijay Bharadwaj via GitHub (Monday, 17 April)

[webauthn] new commits pushed by WebAuthnBot

• WebAuthnBot via GitHub (Saturday, 29 April)
• WebAuthnBot via GitHub (Saturday, 29 April)
• WebAuthnBot via GitHub (Friday, 28 April)
• WebAuthnBot via GitHub (Thursday, 27 April)
• WebAuthnBot via GitHub (Monday, 24 April)
• WebAuthnBot via GitHub (Sunday, 23 April)
• WebAuthnBot via GitHub (Friday, 21 April)
• WebAuthnBot via GitHub (Wednesday, 19 April)
• WebAuthnBot via GitHub (Friday, 14 April)
• WebAuthnBot via GitHub (Friday, 14 April)

[webauthn] normalize RFC2119 language

• Mike Jones via GitHub (Friday, 7 April)
• =JeffH via GitHub (Friday, 7 April)

[webauthn] normalizing term(s) for authenticator-generated RP-specific public key

• =JeffH via GitHub (Tuesday, 4 April)

[webauthn] Processing model for extensions is very underdefined

• Mike Jones via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Friday, 7 April)
• Mike Jones via GitHub (Sunday, 2 April)

[webauthn] Protect against TLS MiTM by including TLS cert chain in signature

• Sam Srinivas via GitHub (Wednesday, 5 April)
• Rolf Lindemann via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] RawId vs Id is confusing

• Mike West via GitHub (Monday, 24 April)
• Jeffrey Yasskin via GitHub (Thursday, 20 April)
• Alexei Czeskis via GitHub (Thursday, 20 April)

[webauthn] References to "algorithm" and "alg" should be same string

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] refine extension terminology

• Mike Jones via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] rename "attestation data" to be "attested credential"

• =JeffH via GitHub (Thursday, 6 April)

[webauthn] Rename ScopedCredential to PublicKeyCredential

• Mike West via GitHub (Friday, 28 April)
• =JeffH via GitHub (Saturday, 15 April)
• Jeffrey Yasskin via GitHub (Friday, 14 April)

[webauthn] Replace Authenticator Model with CTAP

• =JeffH via GitHub (Wednesday, 19 April)
• Jeffrey Yasskin via GitHub (Wednesday, 19 April)

[webauthn] restrict WebAuthentication API to only top level browsing context

• Mike West via GitHub (Wednesday, 5 April)
• Jeffrey Yasskin via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] rpID seems to have changed meaning a bit

• =JeffH via GitHub (Monday, 24 April)
• Mike West via GitHub (Monday, 24 April)
• Alexei Czeskis via GitHub (Thursday, 20 April)

[webauthn] Send authenticator extension inputs to authenticators and send client extension outputs to RPs

• Mike Jones via GitHub (Wednesday, 26 April)

[webauthn] Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin

• =JeffH via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Wednesday, 19 April)

[webauthn] Setting _rpId_ to _callerOrigin_ doesn't make sense

• Mike Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Should the "authentication" attribute on Navigator be [SameObject]?

• =JeffH via GitHub (Wednesday, 19 April)
• Mike West via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Should the WebAuth API have a cancel() method?

• kpaulh via GitHub (Thursday, 6 April)

[webauthn] Some editing cleanup following cred man merge

• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 28 April)
• =JeffH via GitHub (Friday, 21 April)
• kpaulh via GitHub (Thursday, 20 April)
• kpaulh via GitHub (Thursday, 20 April)

[webauthn] some RPs may wish to allow multiple registrations to same user account

• =JeffH via GitHub (Friday, 14 April)
• =JeffH via GitHub (Friday, 14 April)

[webauthn] Spec should not mandate behavior of server

• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] Specify the set of hash algorithms UAs can select between.

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Strawman of an integration between WebAuthn and Credential Management.

• =JeffH via GitHub (Wednesday, 19 April)
• Mike West via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Wednesday, 19 April)
• Mike West via GitHub (Wednesday, 19 April)
• =JeffH via GitHub (Tuesday, 18 April)
• Angelo Liao via GitHub (Tuesday, 18 April)
• =JeffH via GitHub (Monday, 10 April)
• Mike West via GitHub (Monday, 10 April)
• =JeffH via GitHub (Saturday, 8 April)
• balfanz via GitHub (Friday, 7 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)
• =JeffH via GitHub (Wednesday, 5 April)
• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] TAG review feedback: Align Credential interface with Credential Management?

• Mike Jones via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Sunday, 2 April)

[webauthn] Throw "NotFoundError" when internal authenticator is not available or not found

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Throw NotFoundError when no authenticator is available

• =JeffH via GitHub (Saturday, 29 April)
• Mike Jones via GitHub (Saturday, 29 April)
• =JeffH via GitHub (Saturday, 29 April)
• Vijay Bharadwaj via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Wednesday, 26 April)
• Alexei Czeskis via GitHub (Wednesday, 26 April)
• Vijay Bharadwaj via GitHub (Wednesday, 26 April)
• =JeffH via GitHub (Sunday, 23 April)
• =JeffH via GitHub (Sunday, 23 April)
• =JeffH via GitHub (Sunday, 23 April)
• Mike Jones via GitHub (Sunday, 23 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] tokenBinding member of ClientData should be tokenBindingID

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Too generic names?

• Ian Kilpatrick via GitHub (Wednesday, 5 April)
• Angelo Liao via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Track rename issues to maintain consistency

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] U2F Attestation only lists Basic Attestation as supported

• Rolf Lindemann via GitHub (Monday, 3 April)

[webauthn] Update attestation format identifiers in registry to match spec

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] update extensions framework to include interfacing with user agent permissions framework

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] UVM Extension Editorial Change

• Mike Jones via GitHub (Friday, 21 April)
• =JeffH via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Friday, 21 April)

[webauthn] UVM should be "method" rather than "mode" ?

• Mike Jones via GitHub (Friday, 21 April)
• Mike Jones via GitHub (Thursday, 20 April)
• =JeffH via GitHub (Thursday, 20 April)

[webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]

• Mike Jones via GitHub (Wednesday, 5 April)
• Boris Zbarsky via GitHub (Wednesday, 5 April)
• Angelo Liao via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] web-api: is further language needed describing AppID (aka rpId) usage ?

• Mike Jones via GitHub (Tuesday, 4 April)

[webauthn] What does store() do?

• Jeffrey Yasskin via GitHub (Thursday, 20 April)
• Alexei Czeskis via GitHub (Thursday, 20 April)

[webauthn] What ensures any semblance of interop for WebAuthnExtensions?

• =JeffH via GitHub (Wednesday, 5 April)
• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] What extension data is in AuthenticatorAssertionResponse.authenticatorData?

• Mike Jones via GitHub (Friday, 21 April)
• Jeffrey Yasskin via GitHub (Friday, 21 April)

[webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Why is the only value of ScopedCredentialType "ScopedCred" as opposed to "ScopedCredential"?

• Mike Jones via GitHub (Wednesday, 5 April)

[webauthn] Why was PR #409 (UV bit) merged?

• Jakob Ehrensvärd (Tuesday, 25 April)
• Alexei Czeskis via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Monday, 24 April)
• Alexei Czeskis via GitHub (Monday, 24 April)
• Angelo Liao via GitHub (Monday, 24 April)
• =JeffH via GitHub (Monday, 24 April)
• Alexei Czeskis via GitHub (Monday, 24 April)

Benefits of exposing webauthn through navigator.credentials

• Mike West (Tuesday, 11 April)
• Vijay Bharadwaj (Monday, 10 April)
• Mike West (Monday, 10 April)
• Dirk Balfanz (Friday, 7 April)
• Jeffrey Yasskin (Wednesday, 5 April)

Closed: [webauthn] "Authenticator argument" vs. "authenticator data value" in Extensions section

• Mike Jones via GitHub (Friday, 21 April)

Closed: [webauthn] "rp" isn't a widely enough known acronym?, should be relyingParty instead?

• Mike Jones via GitHub (Wednesday, 5 April)

Closed: [webauthn] Account information merge

• =JeffH via GitHub (Friday, 28 April)

Closed: [webauthn] Add cloud transport option to transport hint

• Angelo Liao via GitHub (Thursday, 6 April)

Closed: [webauthn] Add explanation of why the account argument is useful

• J.C. Jones via GitHub (Wednesday, 5 April)

Closed: [webauthn] Clarify what is a proprietary attestation format and whether it should be designated by a prefix

• Mike Jones via GitHub (Tuesday, 4 April)

Closed: [webauthn] Client arguments should be specified with "partial dictionary AuthenticationExtensions"

• Jeffrey Yasskin via GitHub (Saturday, 29 April)

Closed: [webauthn] Define extension client processing more carefully.

• Jeffrey Yasskin via GitHub (Friday, 21 April)

Closed: [webauthn] DOMString[] should be FrozenArray<DOMString>

• =JeffH via GitHub (Thursday, 6 April)

Closed: [webauthn] How to unmarshal in TPM Structure.

• Vijay Bharadwaj via GitHub (Friday, 14 April)

Closed: [webauthn] Processing model for extensions is very underdefined

• Mike Jones via GitHub (Friday, 21 April)

Closed: [webauthn] refine extension terminology

• Mike Jones via GitHub (Friday, 21 April)

Closed: [webauthn] Should the "authentication" attribute on Navigator be [SameObject]?

• =JeffH via GitHub (Wednesday, 19 April)

Closed: [webauthn] TAG review feedback: Align Credential interface with Credential Management?

• Angelo Liao via GitHub (Friday, 21 April)

Closed: [webauthn] Throw "NotFoundError" when internal authenticator is not available or not found

• =JeffH via GitHub (Saturday, 29 April)

Closed: [webauthn] Update attestation format identifiers in registry to match spec

• Mike Jones via GitHub (Wednesday, 5 April)

Closed: [webauthn] UVM should be "method" rather than "mode" ?

• Mike Jones via GitHub (Friday, 21 April)

Closed: [webauthn] What ensures any semblance of interop for WebAuthnExtensions?

• =JeffH via GitHub (Wednesday, 5 April)

Closed: [webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?

• Mike Jones via GitHub (Wednesday, 5 April)

correction to webauthn F2F Feb-2017 minutes

• =JeffH (Wednesday, 26 April)

Dirk's presentation of the relationship between CredMan and WebAuthn

• Hodges, Jeff (Saturday, 8 April)
• Hodges, Jeff (Saturday, 8 April)

Extension language significantly clarified

• Mike Jones (Wednesday, 19 April)

headzup: issues with travis-ci's bikeshed output?

• =JeffH (Wednesday, 19 April)

Intended Status for <draft-hodges-webauthn-registries-00.txt> changed to Informational

• Mike Jones (Sunday, 2 April)

merge #397, #398, #399 ?

• Alexei Czeskis (Friday, 14 April)
• =JeffH (Friday, 14 April)
• Alexei Czeskis (Friday, 14 April)
• =JeffH (Friday, 14 April)
• Anthony Nadalin (Friday, 14 April)
• =JeffH (Friday, 14 April)

Minutes of past meetings

• Wendy Seltzer (Friday, 14 April)

PR #217 factored into 8 PRs, each with defined purpose and scope

• Mike Jones (Thursday, 27 April)
• Mike Jones (Thursday, 27 April)

PR #384 CredMan Integration

• Hodges, Jeff (Wednesday, 12 April)
• Alexei Czeskis (Wednesday, 12 April)
• Vijay Bharadwaj (Tuesday, 11 April)
• Mike West (Tuesday, 11 April)
• Hodges, Jeff (Tuesday, 11 April)
• Angelo Liao (Tuesday, 11 April)
• Hodges, Jeff (Tuesday, 11 April)
• Angelo Liao (Tuesday, 11 April)
• Alexei Czeskis (Tuesday, 11 April)
• J.C. Jones (Tuesday, 11 April)
• Angelo Liao (Tuesday, 11 April)
• Angelo Liao (Tuesday, 11 April)
• Hodges, Jeff (Tuesday, 11 April)
• Vijay Bharadwaj (Tuesday, 11 April)
• Alexei Czeskis (Tuesday, 11 April)
• Anthony Nadalin (Tuesday, 11 April)
• Hodges, Jeff (Monday, 10 April)
• Anthony Nadalin (Monday, 10 April)

PRs left for WD-05

• Angelo Liao (Wednesday, 19 April)

Review of PR #378 "Enable RP to choose authenticators based on key storage capability"

• =JeffH (Sunday, 23 April)

review of PR #384 submitted

• =JeffH (Friday, 7 April)

Review of PR #409: Add User Verification (UV) bit to authenticator data

• =JeffH (Sunday, 23 April)

Review of PR#350: Throw NotFoundError when no authenticator is available

• =JeffH (Sunday, 23 April)

Review PR 378, 428, 429

• Mike Jones (Saturday, 29 April)
• Angelo Liao (Friday, 28 April)

Review PR 378:

• Angelo Liao (Tuesday, 25 April)

Splitting "Credential Management"?

• Hodges, Jeff (Thursday, 6 April)

Unknowns of the WebAuthn + CredMan merge

• Hodges, Jeff (Friday, 14 April)
• Jeffrey Yasskin (Friday, 14 April)
• Angelo Liao (Thursday, 13 April)

wrt PR #397 and #398

• Hodges, Jeff (Friday, 14 April)

Last message date: Sunday, 30 April 2017 00:01:47 UTC