W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2021

05/05/2021 W3C Web Authentication Meeting

From: <nadalin@prodigy.net>
Date: Tue, 4 May 2021 19:55:53 -0700
To: "'W3C Web Authn WG'" <public-webauthn@w3.org>, "'John Fontana'" <jfontana@yubico.com>
Message-ID: <102701d7415a$2a547880$7efd6980$@prodigy.net>
 

 

Here is the agenda for the 05/05/2021 W3C Web Authentication WG Meeting,
that will take place as a 60 minute teleconference. Remember call is at NOON
PDT

 

Select scribe please someone be willing to scribe so we can get down to the
issues

 

1.	Here is the link to the Level 2 Webauthn Recommendation
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/
2.	First Public Working Draft of Level 3 has now been published,
https://www.w3.org/TR/webauthn-3/

3.	2021 TPAC18-22 October: Breakout sessions- 25-29 October: Groups and
Joint Meetings
4.	SPWG Update
5.	L3 WD01 open pull requests and open issues

 

Pull requests  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD
-01> 

1.	Fix incorrect authenticator operation reference in 6.1.2 by emlun 
Pull Request #1609  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/1609> 
2.	Remove mention of ECDAA from Figure 6 by emlun  Pull Request #1607
 w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1607> 
3.	Remove user handle  <https://github.com/w3c/webauthn/pull/1600> "MAY
be null" statement by equalsJeffH  Pull Request #1600  w3c/webauthn
(github.com)
4.	Move JC to former editors by wseltzer  Pull Request #1599 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1599> 
5.	Add WebDriver support for credBlob by agl  Pull Request #1586 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1586> 
6.	Update CTAP reference. by agl  Pull Request #1585  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/pull/1585> 
7.	conditional UI via mediation by equalsJeffH  Pull Request #1576 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1576> 
8.	Add recovery extension by emlun  Pull Request #1425  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/pull/1425> 
9.	Ask for tests for normative changes in CONTRIBUTING.md by foolip 
Pull Request #653  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/653> 

 

Pull requests  w3c/webauthn  GitHub
<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone> 

1.	Switch h2#subtitle to h2#profile-and-date by deniak  Pull Request
#1602  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/1602> 

 

Issues  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL
3-WD-01> 

1.	update Figure 6 to remove mention of ECDAA  Issue #1606 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1606> 
2.	 <https://github.com/w3c/webauthn/issues/1598> "The user handle MUST
NOT be empty, though it MAY be null" - but only in responses?  Issue #1598
 w3c/webauthn (github.com)
3.	Make signature counters a MAY ?  Issue #1590  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1590> 
4.	Inconsistent RP directions for handling credential transports 
Issue #1587  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1587> 
5.	Support for remote desktops  Issue #1577  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1577> 
6.	Prevent browsers from deleting credentials that the RP wanted to be
server-side  Issue #1569  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1569> 
7.	Support a  <https://github.com/w3c/webauthn/issues/1568> "create or
get [or replace]" credential re-association operation  Issue #1568 
w3c/webauthn (github.com)
8.	Questions about user handle when supporting usernameless  Issue
#1559  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1559> 
9.	Move step 16 of Registration to between 21 and 22  Issue #1555 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1555> 
10.	Adding info about HSTS for the RPID to client Data.  Issue #1554 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1554> 
11.	Support for authenticators providing more than one key  Issue #1546
 w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1546> 
12.	Add support for non-modal UI  Issue #1545  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1545> 
13.	Making PublicKeyCredentialDescriptor.transports mandatory  Issue
#1522  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1522> 
14.	double check whether the Secure Payment Confirmation effort has
implications on the WebAuthn spec  Issue #1492  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1492> 
15.	cleanup  <https://github.com/w3c/webauthn/issues/1489> <pre
class=anchors> and use <pre class="link-defaults"> as appropriate  Issue
#1489  w3c/webauthn (github.com)
16.	Regarding the issue of Credential ID exposure(13.5.6), from what
perspective should RP compare RK and NRK and which should be adopted? 
Issue #1484  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1484> 
17.	Move PRF Extension into its own specification  Issue #1462 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1462> 
18.	Personal information updates
<https://github.com/w3c/webauthn/issues/1456> & webauthn  Issue #1456 
w3c/webauthn (github.com)
19.	Requesting properties of created credentials.  Issue #1449 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1449> 
20.	PublicKeyCredentialParameters can't select curve (E.g. ed448) 
Issue #1446  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1446> 
21.	 <https://github.com/w3c/webauthn/issues/1421> "privacy ca" term in
images/fido-attestation-structures.svg  Issue #1421  w3c/webauthn
(github.com)
22.	WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC,
etc.  Issue #1396  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1396> 
23.	More explicitly document use cases  Issue #1389  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1389> 
24.	Addition of a network transport  Issue #1381  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1381> 
25.	Minor cleanups from PR 1270 review  Issue #1291  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1291> 
26.	Specify authenticator attachment for authentication operation 
Issue #1267  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1267> 
27.	Clearly define the way how RP handles the extensions  Issue #1258 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1258> 
28.	add feature detection blurb...  Issue #1208  w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1208> 
29.	think about adding note wrt how client platform might obtain
authenticator capabilities  Issue #1207  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1207> 
30.	Update name, displayname and icon for RP and user  Issue #1200 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1200> 
31.	export definitions?  Issue #1049  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1049> 
32.	Recovering from Device Loss  Issue #931  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/931> 
33.	undefined terms and terms we really ought to define  Issue #462 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/462> 

 

Issues  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat
%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone> 

1.	PROPOSAL: Add support for general (hardware backed) cryptographic
signatures and key exchange  Issue #1608  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1608> 
2.	Multiple Credentials in a single Enrollment  Issue #1603 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1603> 
3.	Multiple Authenticator Options and Policies  Issue #1601 
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1601> 
4.	Can the private keys be used for other cryptographic operations? 
Issue #1595  w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1595> 
5.	 <https://github.com/w3c/webauthn/issues/1580> <new proposal>
Extending WebAuthn Protocol for Remote Authentication  Issue #1580 
w3c/webauthn  GitHub
6.	need  <https://github.com/w3c/webauthn/issues/1477> "how to install
bikeshed in one's local webauthn repo clone" instructions  Issue #1477 
w3c/webauthn (github.com)

  

4.   Other open issues

5.   Adjourn

Because of toll fraud issues MIT has been experiencing, I've been asked to
change our call coordinates and password and, as an ongoing thing, not
distribute the call coordinates publicly. That means not including the WebEx
call number or URL in our agendas or minutes.

 

You can find the new call coordinates at this link, accessible with your W3C
member login credentials.

https://www.w3.org/2016/01/webauth-password.html
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.or
g%2F2016%2F01%2Fwebauth-password.html&data=04%7C01%7Ctonynad%40microsoft.com
%7C9cd59d2cfccb46b0986d08d82dcf4b7c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7
C0%7C637309715629125857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rRnXdea9sqPx%2B7Z8fbc7bv
%2F5nY%2BLZStYSARGKVdH1pA%3D&reserved=0>  

 

 

 

 

Get Outlook for Android <https://aka.ms/ghei36> 
Received on Wednesday, 5 May 2021 02:56:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC