05/05/2021 W3C Web Authentication Meeting from nadalin@prodigy.net on 2021-05-05 (public-webauthn@w3.org from May 2021)

From: <nadalin@prodigy.net>
Date: Tue, 4 May 2021 19:55:53 -0700
To: "'W3C Web Authn WG'" <public-webauthn@w3.org>, "'John Fontana'" <jfontana@yubico.com>
Message-ID: <102701d7415a$2a547880$7efd6980$@prodigy.net>
 

 

Here is the agenda for the 05/05/2021 W3C Web Authentication WG Meeting,
that will take place as a 60 minute teleconference. Remember call is at NOON
PDT

 

Select scribe please someone be willing to scribe so we can get down to the
issues

 

1.	Here is the link to the Level 2 Webauthn Recommendation
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/
2.	First Public Working Draft of Level 3 has now been published,
https://www.w3.org/TR/webauthn-3/

3.	2021 TPAC18-22 October: Breakout sessions- 25-29 October: Groups and
Joint Meetings
4.	SPWG Update
5.	L3 WD01 open pull requests and open issues

 

Pull requests · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD
-01> 

1.	Fix incorrect authenticator operation reference in §6.1.2 by emlun ·
Pull Request #1609 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/1609> 
2.	Remove mention of ECDAA from Figure 6 by emlun · Pull Request #1607
· w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1607> 
3.	Remove user handle  <https://github.com/w3c/webauthn/pull/1600> "MAY
be null" statement by equalsJeffH · Pull Request #1600 · w3c/webauthn
(github.com)
4.	Move JC to former editors by wseltzer · Pull Request #1599 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1599> 
5.	Add WebDriver support for credBlob by agl · Pull Request #1586 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1586> 
6.	Update CTAP reference. by agl · Pull Request #1585 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/pull/1585> 
7.	conditional UI via mediation by equalsJeffH · Pull Request #1576 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1576> 
8.	Add recovery extension by emlun · Pull Request #1425 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/pull/1425> 
9.	Ask for tests for normative changes in CONTRIBUTING.md by foolip ·
Pull Request #653 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/653> 

 

Pull requests · w3c/webauthn · GitHub
<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone> 

1.	Switch h2#subtitle to h2#profile-and-date by deniak · Pull Request
#1602 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/pull/1602> 

 

Issues · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL
3-WD-01> 

1.	update Figure 6 to remove mention of ECDAA · Issue #1606 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1606> 
2.	 <https://github.com/w3c/webauthn/issues/1598> "The user handle MUST
NOT be empty, though it MAY be null" - but only in responses? · Issue #1598
· w3c/webauthn (github.com)
3.	Make signature counters a MAY ? · Issue #1590 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1590> 
4.	Inconsistent RP directions for handling credential transports ·
Issue #1587 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1587> 
5.	Support for remote desktops · Issue #1577 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1577> 
6.	Prevent browsers from deleting credentials that the RP wanted to be
server-side · Issue #1569 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1569> 
7.	Support a  <https://github.com/w3c/webauthn/issues/1568> "create or
get [or replace]" credential re-association operation · Issue #1568 ·
w3c/webauthn (github.com)
8.	Questions about user handle when supporting usernameless · Issue
#1559 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1559> 
9.	Move step 16 of Registration to between 21 and 22 · Issue #1555 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1555> 
10.	Adding info about HSTS for the RPID to client Data. · Issue #1554 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1554> 
11.	Support for authenticators providing more than one key · Issue #1546
· w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1546> 
12.	Add support for non-modal UI · Issue #1545 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1545> 
13.	Making PublicKeyCredentialDescriptor.transports mandatory · Issue
#1522 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1522> 
14.	double check whether the Secure Payment Confirmation effort has
implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1492> 
15.	cleanup  <https://github.com/w3c/webauthn/issues/1489> <pre
class=anchors> and use <pre class="link-defaults"> as appropriate · Issue
#1489 · w3c/webauthn (github.com)
16.	Regarding the issue of Credential ID exposure(13.5.6), from what
perspective should RP compare RK and NRK and which should be adopted? ·
Issue #1484 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1484> 
17.	Move PRF Extension into its own specification · Issue #1462 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1462> 
18.	Personal information updates
<https://github.com/w3c/webauthn/issues/1456> & webauthn · Issue #1456 ·
w3c/webauthn (github.com)
19.	Requesting properties of created credentials. · Issue #1449 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1449> 
20.	PublicKeyCredentialParameters can't select curve (E.g. ed448) ·
Issue #1446 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1446> 
21.	 <https://github.com/w3c/webauthn/issues/1421> "privacy ca" term in
images/fido-attestation-structures.svg · Issue #1421 · w3c/webauthn
(github.com)
22.	WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC,
etc. · Issue #1396 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1396> 
23.	More explicitly document use cases · Issue #1389 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1389> 
24.	Addition of a network transport · Issue #1381 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1381> 
25.	Minor cleanups from PR 1270 review · Issue #1291 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1291> 
26.	Specify authenticator attachment for authentication operation ·
Issue #1267 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1267> 
27.	Clearly define the way how RP handles the extensions · Issue #1258 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1258> 
28.	add feature detection blurb... · Issue #1208 · w3c/webauthn
(github.com) <https://github.com/w3c/webauthn/issues/1208> 
29.	think about adding note wrt how client platform might obtain
authenticator capabilities · Issue #1207 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1207> 
30.	Update name, displayname and icon for RP and user · Issue #1200 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1200> 
31.	export definitions? · Issue #1049 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1049> 
32.	Recovering from Device Loss · Issue #931 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/931> 
33.	undefined terms and terms we really ought to define · Issue #462 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/462> 

 

Issues · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat
%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone> 

1.	PROPOSAL: Add support for general (hardware backed) cryptographic
signatures and key exchange · Issue #1608 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1608> 
2.	Multiple Credentials in a single Enrollment · Issue #1603 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1603> 
3.	Multiple Authenticator Options and Policies · Issue #1601 ·
w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1601> 
4.	Can the private keys be used for other cryptographic operations? ·
Issue #1595 · w3c/webauthn (github.com)
<https://github.com/w3c/webauthn/issues/1595> 
5.	 <https://github.com/w3c/webauthn/issues/1580> <new proposal>
Extending WebAuthn Protocol for Remote Authentication · Issue #1580 ·
w3c/webauthn · GitHub
6.	need  <https://github.com/w3c/webauthn/issues/1477> "how to install
bikeshed in one's local webauthn repo clone" instructions · Issue #1477 ·
w3c/webauthn (github.com)

  

4.   Other open issues

5.   Adjourn

Because of toll fraud issues MIT has been experiencing, I've been asked to
change our call coordinates and password and, as an ongoing thing, not
distribute the call coordinates publicly. That means not including the WebEx
call number or URL in our agendas or minutes.

 

You can find the new call coordinates at this link, accessible with your W3C
member login credentials.

https://www.w3.org/2016/01/webauth-password.html
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.or
g%2F2016%2F01%2Fwebauth-password.html&data=04%7C01%7Ctonynad%40microsoft.com
%7C9cd59d2cfccb46b0986d08d82dcf4b7c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7
C0%7C637309715629125857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rRnXdea9sqPx%2B7Z8fbc7bv
%2F5nY%2BLZStYSARGKVdH1pA%3D&reserved=0>  

 

 

 

 

Get Outlook for Android <https://aka.ms/ghei36>
Received on Wednesday, 5 May 2021 02:56:12 UTC