- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Wed, 17 Nov 2021 14:09:57 -0500
- To: nadalin@prodigy.net, 'W3C Web Authn WG' <public-webauthn@w3.org>, 'John Fontana' <jfontana@yubico.com>, "'Phillips, Addison'" <addison@lab126.com>, 'Christiaan Brand' <cbrand@google.com>
On 11/16/21 8:21 PM, nadalin@prodigy.net wrote:
> Here is the agenda for the 11/017/2021 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at NOON PDT
>
> Select scribe please someone be willing to scribe so we can get down to the issues
>
> 1. Here is the link to the Level 2 Webauthn Recommendation https://www.w3.org/TR/2021/REC-webauthn-2-20210408/
> 2. First Public Working Draft of Level 3 has now been published, https://www.w3.org/TR/webauthn-3/
> 3. SPWG Update(John or Jeff)
> 4. Draft Charter https://w3c.github.io/charter-drafts/2021/webauthn-2021.html status (Wendy)
> 5. I18N Issues – if Addison Phillips attends

Addison has posted a comment in issue 1644, https://github.com/w3c/webauthn/issues/1644#issuecomment-966654233 and invited the editors/WG to follow up with further questions or proposed resolution. I don't think we're currently expecting him on a call.

Thanks,
--Wendy

> 6. L3 WD01 open pull requests and open issues
>
> Pull requests · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-01>
>
>    1. Additional polish for PR #1621 by emlun · Pull Request #1674 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/pull/1674>
>    2. device public key extension by equalsJeffH · Pull Request #1663 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/pull/1663>
>    3. Clarify, simplify and align parameter descriptions by emlun · Pull Request #1621 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1621>
>    4. conditional UI via mediation by equalsJeffH · Pull Request #1576 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1576>
>    5. Add recovery extension by emlun · Pull Request #1425 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/1425>
>    6. Ask for tests for normative changes in CONTRIBUTING.md by foolip · Pull Request #653 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/pull/653>
>
> Pull requests · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone>
>
>    1. Tighten requirements for rejecting duplicate credential IDs. by agl · Pull Request #1680 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/pull/1680>
>
> Issues · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-01>
>
>    1. Fix the "aborted flag" reference · Issue #1682 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1682>
>    2. Does signing the credential public key with the attestation private key prove to the RP that the user owns the credential private key? · Issue #1679 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1679>
>    3. Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1678>
>    4. Cross origin and Conditional UI · Issue #1671 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1671>
>    5. Synced Credentials · Issue #1665 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1665>
>    6. Device-bound key extension · Issue #1658 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1658>
>    7. Update URL to FIDO registry · Issue #1657 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1657>
>    8. Cross-origin credential creation in iframes · Issue #1656 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1656>
>    9. Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1646>
>    10. [Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1645>
>    11. Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1644>
>    12. Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1643>
>    13. Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1642>
>    14. U+ notation incorrect · Issue #1641 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1641>
>    15. Syncing Platform Keys, Recoverability and Security levels · Issue #1640 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1640>
>    16. Possible experiences in a future WebAuthn · Issue #1637 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1637>
>    17. reference CTAP2.1 PS spec and fix broken link · Issue #1635 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1635>
>    18. Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1633>
>    19. Support for remote desktops · Issue #1577 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1577>
>    20. Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1569>
>    21. Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1568>
>    22. Questions about user handle when supporting usernameless · Issue #1559 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1559>
>    23. Move step 16 of Registration to between 21 and 22 · Issue #1555 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1555>
>    24. Adding info about HSTS for the RPID to client Data. · Issue #1554 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1554>
>    25. Add support for non-modal UI · Issue #1545 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1545>
>    26. Making PublicKeyCredentialDescriptor.transports mandatory · Issue #1522 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1522>
>    27. double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1492>
>    28. cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1489>
>    29. Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1484>
>    30. Move PRF Extension into its own specification · Issue #1462 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1462>
>    31. Personal information updates & webauthn · Issue #1456 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1456>
>    32. Requesting properties of created credentials. · Issue #1449 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1449>
>    33. PublicKeyCredentialParameters can't select curve (E.g. ed448) · Issue #1446 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1446>
>    34. "privacy ca" term in images/fido-attestation-structures.svg · Issue #1421 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1421>
>    35. More explicitly document use cases · Issue #1389 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1389>
>    36. Addition of a network transport · Issue #1381 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1381>
>    37. Minor cleanups from PR 1270 review · Issue #1291 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1291>
>    38. Specify authenticator attachment for authentication operation · Issue #1267 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1267>
>    39. Clearly define the way how RP handles the extensions · Issue #1258 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1258>
>    40. add feature detection blurb... · Issue #1208 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1208>
>    41. think about adding note wrt how client platform might obtain authenticator capabilities · Issue #1207 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1207>
>    42. Update name, displayname and icon for RP and user · Issue #1200 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1200>
>    43. export definitions? · Issue #1049 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1049>
>    44. Recovering from Device Loss · Issue #931 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/931>
>    45. undefined terms and terms we really ought to define · Issue #462 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/462>
>
> Issues · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone>
>
>    1. Does signing the credential public key with the attestation private key prove to the RP that the user owns the credential private key? · Issue #1679 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1679>
>    2. Breaking change in Chrome 95/W10 · Issue #1677 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1677>
>    3. Confusion on COSEAlgorithmIdentifier standards · Issue #1676 · w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1676>
>    4. Accessibility of WebAuthN Dialogs · Issue #1672 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1672>
>    5. Cross origin authentication without iframes · Issue #1667 · w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1667>
>
> 4. Other open issues
>
> 5. Adjourn
>
> Because of toll fraud issues MIT has been experiencing, I've been asked to change our call coordinates and password and, as an ongoing thing, not distribute the call coordinates publicly. That means not including the WebEx call number or URL in our agendas or minutes.
>
> You can find the new call coordinates at this link, accessible with your W3C member login credentials.
>
> https://www.w3.org/2016/01/webauth-password.html

--
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Strategy Lead and Counsel, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Wednesday, 17 November 2021 19:10:03 UTC