Re: Status report re: WebAuth extension interop reporting from Samuel Weiler on 2018-11-27 (public-webauthn@w3.org from November 2018)

From: Samuel Weiler <weiler@w3.org>
Date: Tue, 27 Nov 2018 17:05:17 -0500
To: Brett McDowell <brett@fidoalliance.org>
Cc: Yuriy Ackermann <ackermann.yuriy@gmail.com>, public-webauthn@w3.org, swick@w3.org, "Hayward, Rae" <rae@fidoalliance.org>
Message-ID: <4011e24e-d60c-2fcf-3e58-f3745249da80@w3.org>
On 11/27/18 4:59 PM, Brett McDowell wrote:
> At the risk of transparency, and based on my assessment that we are 
> talking past each other and duplicating effort, may I suggest Sam jump 
> on a call with Yuriy, open up some form of screen sharing, and get to 
> the bottom of what needs answering once and for all?  Heck, it could be 
> a bridge we advertise so others could join as well (for transparency). 
> But the emails are just keeping us in a loop of "I answered your 
> question, I don't think you answered my question..."

That might well be useful - thank you for suggesting it.  I'll email Yuriy.

> 
> Brett McDowell | Sent from mobile
> 
> On Wed, Nov 28, 2018, 5:25 AM Samuel Weiler <weiler@w3.org 
> <mailto:weiler@w3.org> wrote:
> 
>     Thank you, Yuriy.
> 
>     I'm not trivially seeing in these documents the answers to the specific
>     questions I asked on 7 November.
> 
>     I think it would be helpful to go through the specific questions I
>     asked
>     on 7 November, address them directly, and (ideally) point us at the
>     portions of documents (similar to these test plans) that support those
>     answers.
> 
>     I also see that this v1.1 test plan is dated 8 November 2018.  I would
>     expect to see artifacts from when the relevant interop testing
>     happened,
>     acknowledging that might not match what is happening now.
> 
>     -- Sam
> 
>     On 11/20/18 5:39 PM, Ackermann Yuriy wrote:
>      > Current certification process made of three stages:
>      >
>      > - Conformance testing, done through our automated conformance tests
>      > tools. Conformance tools ensure that:
>      >   * Server returns valid requests and accepts valid
>     responses(Positive
>      > tests)
>      >   * Server throws error when bad response is received(Negative tests)
>      >   * Authenticator successfully process valid requests, and it
>     responses
>      > are compliant to the specs(Positive tests)
>      >   * Authenticator returns an error if bad request was
>     sent(Negative tests)
>      >
>      > - Interoperability event, short Interop, is an event where
>     server, and
>      > authenticator vendors meet and test their implementations against
>     each
>      > other. Every authenticator is tested against every server. If issue
>      > found, investigation is done by the authenticator and server vendor
>      > under supervision of the FIDO engineer. If changes are made to
>     any code,
>      > server or/and authenticator vendor will re-run conformance tools,
>     and
>      > repeat their testing.
>      >
>      > - Security questionary: authenticator vendor will sit with FIDO
>     security
>      > secretariat representative and will assert their claims to their
>      > security level.
>      >
>      > The conformance testing is governed by the testplan, that is
>     approved by
>      > the TWG. Here is UAF1.1 test plan and FIDO2 testplan for the
>     extension
>      > testing(sorry my bikeshed is broken and I am in the middle of flying)
>      >
>      > Please let me know if there is any other information you are required
>      >
>      > Yuriy Ackermann
>      > FIDO, Identity, Standards
>      > skype: ackermann.yuriy
>      > github: @herrjemand <https://github.com/herrjemand>
>      > twitter: @herrjemand <https://twitter.com/herrjemand>
>      > medium: @herrjemand <https://medium.com/@herrjemand>
>      >
>      >
>      > ср, 21 нояб. 2018 г. в 08:56, Brett McDowell
>     <brett@fidoalliance.org <mailto:brett@fidoalliance.org>
>      > <mailto:brett@fidoalliance.org <mailto:brett@fidoalliance.org>>>:
>      >
>      >     Thanks Sam.  Jumping to the question you didn't think we
>     answered yet...
>      >
>      >     On Tue, Nov 20, 2018 at 2:37 PM Samuel Weiler <weiler@w3.org
>     <mailto:weiler@w3.org>
>      >     <mailto:weiler@w3.org <mailto:weiler@w3.org>>> wrote:
>      >
>      >         Rather than try to reformat the data FIDO has, I
>     encourage you
>      >         to focus
>      >         first on the specific question I asked on November 7th.  That
>      >         question,
>      >         which I managed to phrase as a yes/no, boils down to
>     "would you
>      >         please
>      >         clarify the minimum requirements for certification, so we can
>      >         see if
>      >         certification necessarily would prove extension interop?".
>      >
>      >
>      >     In a word -- YES -- and I thought Yuriy had actually answered
>     that
>      >     in detail by passing along the certification criteria and
>     test plan.
>      >
>      >     Yuriy,
>      >     Since you are already on the list can you package up all the
>     details
>      >     you previously sent to W3C separately and include them all
>     here in
>      >     one reply to the public list?
>      >
>
Received on Tuesday, 27 November 2018 22:05:20 UTC