Re: Substitute minutes of W3C Web Authn meeting 26-Sep-2018 from Wendy Seltzer on 2018-09-26 (public-webauthn@w3.org from September 2018)

From: Wendy Seltzer <wseltzer@w3.org>
Date: Wed, 26 Sep 2018 16:29:21 -0400
To: W3C Web Authn WG <public-webauthn@w3.org>
Message-ID: <79c9a30e-7576-68b5-801f-669cd7658f46@w3.org>
Thanks John,

HTML version now available at
https://www.w3.org/2018/09/26-webauthn-minutes.html

--Wendy

On 09/26/2018 01:50 PM, John Fontana wrote:
> #webauthn: (no topic set)
> [11:00] == jfontana [~jfontana@public.cloak] has joined #webauthn
> [11:01] <elundberg> present+
> [11:01] <jeffh> present+
> [11:04] <plh_>
> https://lists.w3.org/Archives/Member/chairs/2018JulSep/0139.html
> [11:04] <jeffh> invite zakim?
> [11:04] <jfontana> Tony: philippe is on and will fill us in
> [11:04] <jfontana> PLH: we looked at reuest and we have a few questionsa nd
> maybe one major concner.
> [11:04] <jfontana> ...first is the one that could be major, it is about the
> extensions.
> [11:05] <jfontana> ...understanding we when yo moved to CR if any
> extensions would be dropped or made informative.
> [11:05] <jfontana> ...they were kept as optional
> [11:05] <jfontana> tony: let me address. Giri is pulling together set of
> arguments for arguments.
> [11:06] <jfontana> ...that will be presentedat the TPAC timeframe.
> [11:06] <jfontana> ...we will argue all the extensions should be informal
> and optional
> [11:06] <jfontana> ..we beoieve we have basis of argument
> [11:06] <jfontana> plh: hav eot have a  phone call wit the director.
> [11:06] <jfontana> ...it sould help to organize a phone call on that.
> [11:06] <jfontana> ...the other ones are not as critical
> [11:07] <jfontana> ...we notice that the spec is using an IETF draft for
> token binding.
> [11:07] <jfontana> .we did see the email from the chair of that group, but  we
> don't know the status
> [11:07] <jfontana> self-issue: they are RFC , with the editor and expect
> them in days.
> [11:08] <jfontana> plh: you have said enough, we believe you
> [11:08] <jfontana> ...tahnk you
> [11:11] <jfontana> ...the next question was, want improvement of working on
> slight way we talk about what issue gaining or losing focus on document,
> change is paragraph issue in 5.6 of spec.
> [11:11] <jfontana> ...say the  issue will be updated.
> [11:11] <jfontana>  self-issue: fine for you to do that
> [11:11] <jfontana> tony:it is editorial change.
> [11:11] <jfontana> plh
> [11:12] <jfontana> plh: we address lot of issues that are in edtiiors draft
> , update those links to the current draft.
> [11:12] <jfontana> ...if there are any links that would become broken in
> the operation we will come back to you , OK?
> [11:12] <jfontana> tony: good to me
> [11:12] <jfontana> plh: build consistencies in your references.
> [11:13] <jfontana> ...last point is interop report.
> [11:13] <jfontana> ...we received  this information. we looked  at it and
> we had some tests in wpt  on web auth and most of those are failing. are
> those tests relevant.
> [11:14] <jfontana> tony: this is the interop. getting it green for Edge vs.
> the red status
> [11:14] <jfontana> akshay: adam's list.
> [11:14] <plh_> https://wpt.fyi/results/webauthn?label=stable&aligned=true
> [11:14] <jfontana> ?
> [11:14] <jfontana> tony: answer is they will not fail. we are updating.
> [11:15] <jfontana> ...we will update the matrix for the test that failed
> [11:15] <jfontana> plh: ok. it would be nice to have to updates done when
> we talk to the director.
> [11:16] <jfontana> ...i tried to run all those tests and I was able to get
> into green, we thought the tests may not have been run properly.
> [11:16] <jfontana> skshay: which link are you talking about, which test
> [11:16] <jfontana> plh: I put the link in IRC
> [11:16] <jfontana> ...we need to run these tests.
> [11:17] <jfontana> tony: this may also have to do on how we are running the
> tests.
> [11:17] <jfontana> ...we should have a phone call and pull in Adam.
> [11:17] == john_bradley [~john_bradley@public.cloak] has joined #webauthn
> [11:17] <jfontana> plh: can you generate a repo to look at the conditions
> when red, when green
> [11:17] <jfontana> ...so this is it.
> [11:18] <jfontana> ...we need phone call to talk about the extensions.
> [11:18] <jfontana> ...mike jones, sam, giri, co-chairs,
> [11:18] <jfontana> ..and maybe jeeH
> [11:18] <jfontana> jeffH: sure.
> [11:18] <jfontana> plh: timeline?
> [11:18] <jfontana> tony: we would like to have this by next week some time.
> [11:19] <jfontana> ..i need a few days to talk to giri.
> [11:19] <jfontana> plh: OK
> [11:19] <jfontana> tony: talking next week.
> [11:20] <jfontana> jfontana: monday, tues. wed.
> [11:20] <jfontana> ...days we need to do it.many headed to FIDO plenary
> [11:20] <jfontana> tony: and we have issues with the tests.  we should have
> a separate call with Adam
> [11:21] <jfontana> ...let me talk to adam
> [11:21] <jfontana> maybe we don't need a call.
> [11:21] <jfontana> ...we will tried to get this cleared up next week
> [11:22] <jfontana> plh: yes
> [11:24] <jeffh> https://github.com/w3c/webauthn/pull/1082
> [11:24] <jfontana> emil: JeffH are you suggesting we restructure the
> algorithm step? or is it a counter issue?
> [11:25] <jfontana> ...the server might have already identified the user, or
> not.
> [11:25] <jfontana> jeffH: it is just the terms that I am concerned about.
> [11:26] <jfontana> emil: not sure how to get around owner / user
> [11:26] <jfontana> jeffH: the term identified, we don't have that notion
> defined. don't know what account is being used.
> [11:26] <jfontana> ...it is RP specific.
> [11:27] <jfontana> ...the term identified. did we mean user verification.
> no.
> [11:28] <jfontana> emil (elundberg): you could have the request  refer to
> values that were used in the request
> [11:28] <jfontana> jeffH: there is not  a step to verify the credential
> source..
> [11:28] <jfontana> ...we need steps for the RP on creation.
> [11:29] == plh_ has changed nick to plh
> [11:30] <jfontana> ...one could argue we punt this to level 2
> [11:30] <jfontana> elundberg: it wold be a technical issue
> [11:30] <jfontana> JeffH: i will try to propose tech today.
> [11:31] <elundberg> s/tech/text/
> [11:31] <jfontana> agl: the HMAC secret extension did you use hypen or
> underscore
> [11:31] <jfontana> akshay: have not seen hypen before, but it looks like it
> is supported
> [11:32] <jfontana> agl: I think we will support it.
> [11:32] <jfontana> akshay: it is a hypen.
> [11:32] <jfontana> agl: also #1050 I updated it, it is transports in
> registrations
> [11:33] <jfontana> akshay: i think this looks fine, let me look at it.
> 
> 


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Strategy Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Wednesday, 26 September 2018 20:29:25 UTC