W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2021

Re: 11/17/2021 W3C Web Authentication Meeting

From: Wendy Seltzer <wseltzer@w3.org>
Date: Wed, 17 Nov 2021 14:09:57 -0500
To: nadalin@prodigy.net, 'W3C Web Authn WG' <public-webauthn@w3.org>, 'John Fontana' <jfontana@yubico.com>, "'Phillips, Addison'" <addison@lab126.com>, 'Christiaan Brand' <cbrand@google.com>
Message-ID: <9a9711c1-6cd5-b2b1-0814-111d0c78322f@w3.org>
On 11/16/21 8:21 PM, nadalin@prodigy.net wrote:
>  
> 
> Here is the agenda for the 11/017/2021W3C Web Authentication WG Meeting,
> that will take place as a 60 minute teleconference. Remember call is at
> NOON PDT
> 
>  
> 
> Select scribe please someone be willing to scribe so we can get down to
> the issues
> 
>  
> 
>  1. Here is the link to the Level 2 Webauthn Recommendation
>      https://www.w3.org/TR/2021/REC-webauthn-2-20210408/
>     <https://www.w3.org/TR/2021/REC-webauthn-2-20210408/>
>  2. First Public Working Draft of Level 3 has now been published,
>     https://www.w3.org/TR/webauthn-3/ <https://www.w3.org/TR/webauthn-3/>
> 
>  3. SPWG Update(John or Jeff)
>  4. Draft Charter
>     https://w3c.github.io/charter-drafts/2021/webauthn-2021.html
>     <https://w3c.github.io/charter-drafts/2021/webauthn-2021.html>
>     status (Wendy)
>  5. I18N Issues – if Addison Phillips attends

Addison has posted a comment in issue 1644,
https://github.com/w3c/webauthn/issues/1644#issuecomment-966654233
and invited the editors/WG to follow up with further questions or
proposed resolution. I don't think we're currently expecting him on a call.

Thanks,
--Wendy


>  6. L3 WD01 open pull requests and open issues
> 
>  
> 
> Pull requests · w3c/webauthn (github.com)
> <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-01>
> 
>          1. Additional polish for PR #1621 by emlun · Pull Request #1674
>             · w3c/webauthn · GitHub
>             <https://github.com/w3c/webauthn/pull/1674>
>          2. device public key extension by equalsJeffH · Pull Request
>             #1663 · w3c/webauthn · GitHub
>             <https://github.com/w3c/webauthn/pull/1663>
>          3. Clarify, simplify and align parameter descriptions by emlun
>             · Pull Request #1621 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/pull/1621>
>          4. conditional UI via mediation by equalsJeffH · Pull Request
>             #1576 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/pull/1576>
>          5. Add recovery extension by emlun · Pull Request #1425 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/pull/1425>
>          6. Ask for tests for normative changes in CONTRIBUTING.md by
>             foolip · Pull Request #653 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/pull/653>
> 
>  
> 
> Pull requests · w3c/webauthn · GitHub
> <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone>
> 
>  1. Tighten requirements for rejecting duplicate credential IDs. by agl
>     · Pull Request #1680 · w3c/webauthn · GitHub
>     <https://github.com/w3c/webauthn/pull/1680>
> 
>  
> 
> Issues · w3c/webauthn (github.com)
> <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-01>
> 
>          1. Fix the "aborted flag" reference · Issue #1682 ·
>             w3c/webauthn · GitHub
>             <https://github.com/w3c/webauthn/issues/1682>
>          2. Does signing the credential public key with the attestation
>             private key prove to the RP that the user owns the
>             credential private key? · Issue #1679 · w3c/webauthn ·
>             GitHub <https://github.com/w3c/webauthn/issues/1679>
>          3. Lookup Credential Source by Credential ID Algorithm returns
>             sensitive data such as the credential private key · Issue
>             #1678 · w3c/webauthn · GitHub
>             <https://github.com/w3c/webauthn/issues/1678>
>          4. Cross origin and Conditional UI · Issue #1671 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1671>
>          5. Synced Credentials · Issue #1665 · w3c/webauthn · GitHub
>             <https://github.com/w3c/webauthn/issues/1665>
>          6. Device-bound key extension · Issue #1658 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1658>
>          7. Update URL to FIDO registry · Issue #1657 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1657>
>          8. Cross-origin credential creation in iframes · Issue #1656 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1656>
>          9. Trailing position of metadata · Issue #1646 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1646>
>         10. [Editorial] Truncation description inaccurate · Issue #1645
>             · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1645>
>         11. Mechanism for encoding *direction* metadata may need more
>             work · Issue #1644 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1644>
>         12. Use of in-field metadata not preferred · Issue #1643 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1643>
>         13. Unicode "tag" characters are deprecated for language tagging
>             · Issue #1642 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1642>
>         14. U+ notation incorrect · Issue #1641 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1641>
>         15. Syncing Platform Keys, Recoverability and Security levels ·
>             Issue #1640 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1640>
>         16. Possible experiences in a future WebAuthn · Issue #1637 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1637>
>         17. reference CTAP2.1 PS spec and fix broken link · Issue #1635
>             · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1635>
>         18. Missing Test Vectors · Issue #1633 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1633>
>         19. Support for remote desktops · Issue #1577 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1577>
>         20. Prevent browsers from deleting credentials that the RP
>             wanted to be server-side · Issue #1569 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1569>
>         21. Support a "create or get [or replace]" credential
>             re-association operation · Issue #1568 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1568>
>         22. Questions about user handle when supporting usernameless ·
>             Issue #1559 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1559>
>         23. Move step 16 of Registration to between 21 and 22 · Issue
>             #1555 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1555>
>         24. Adding info about HSTS for the RPID to client Data. · Issue
>             #1554 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1554>
>         25. Add support for non-modal UI · Issue #1545 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1545>
>         26. Making PublicKeyCredentialDescriptor.transports mandatory ·
>             Issue #1522 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1522>
>         27. double check whether the Secure Payment Confirmation effort
>             has implications on the WebAuthn spec · Issue #1492 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1492>
>         28. cleanup <pre class=anchors> and use <pre
>             class="link-defaults"> as appropriate · Issue #1489 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1489>
>         29. Regarding the issue of Credential ID exposure(13.5.6), from
>             what perspective should RP compare RK and NRK and which
>             should be adopted? · Issue #1484 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1484>
>         30. Move PRF Extension into its own specification · Issue #1462
>             · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1462>
>         31. Personal information updates & webauthn · Issue #1456 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1456>
>         32. Requesting properties of created credentials. · Issue #1449
>             · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1449>
>         33. PublicKeyCredentialParameters can't select curve (E.g.
>             ed448) · Issue #1446 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1446>
>         34. "privacy ca" term in images/fido-attestation-structures.svg
>             · Issue #1421 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1421>
>         35. More explicitly document use cases · Issue #1389 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1389>
>         36. Addition of a network transport · Issue #1381 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1381>
>         37. Minor cleanups from PR 1270 review · Issue #1291 ·
>             w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1291>
>         38. Specify authenticator attachment for authentication
>             operation · Issue #1267 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1267>
>         39. Clearly define the way how RP handles the extensions · Issue
>             #1258 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1258>
>         40. add feature detection blurb... · Issue #1208 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1208>
>         41. think about adding note wrt how client platform might obtain
>             authenticator capabilities · Issue #1207 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1207>
>         42. Update name, displayname and icon for RP and user · Issue
>             #1200 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/1200>
>         43. export definitions? · Issue #1049 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/1049>
>         44. Recovering from Device Loss · Issue #931 · w3c/webauthn
>             (github.com) <https://github.com/w3c/webauthn/issues/931>
>         45. undefined terms and terms we really ought to define · Issue
>             #462 · w3c/webauthn (github.com)
>             <https://github.com/w3c/webauthn/issues/462>
> 
>  
> 
> Issues · w3c/webauthn (github.com)
> <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone>
> 
>  1. Does signing the credential public key with the attestation private
>     key prove to the RP that the user owns the credential private key? ·
>     Issue #1679 · w3c/webauthn · GitHub
>     <https://github.com/w3c/webauthn/issues/1679>
>  2. Breaking change in Chrome 95/W10 · Issue #1677 · w3c/webauthn ·
>     GitHub <https://github.com/w3c/webauthn/issues/1677>
>  3. Confusion on COSEAlgorithmIdentifier standards · Issue #1676 ·
>     w3c/webauthn · GitHub <https://github.com/w3c/webauthn/issues/1676>
>  4. Accessibility of WebAuthN Dialogs · Issue #1672 · w3c/webauthn
>     (github.com) <https://github.com/w3c/webauthn/issues/1672>
>  5. Cross origin authentication without iframes · Issue #1667 ·
>     w3c/webauthn (github.com) <https://github.com/w3c/webauthn/issues/1667>
> 
>   
> 
> 4.   Other open issues
> 
> 5.   Adjourn
> 
> Because of toll fraud issues MIT has been experiencing, I've been asked
> to change our call coordinates and password and, as an ongoing thing,
> not distribute the call coordinates publicly. That means not including
> the WebEx call number or URL in our agendas or minutes.
> 
>  
> 
> You can find the new call coordinates at this link, accessible with your
> W3C member login credentials.
> 
> https://www.w3.org/2016/01/webauth-password.html
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2F2016%2F01%2Fwebauth-password.html&data=04%7C01%7Ctonynad%40microsoft.com%7C9cd59d2cfccb46b0986d08d82dcf4b7c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637309715629125857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rRnXdea9sqPx%2B7Z8fbc7bv%2F5nY%2BLZStYSARGKVdH1pA%3D&reserved=0> 
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Get Outlook for Android <https://aka.ms/ghei36>
> 


-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Strategy Lead and Counsel, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Wednesday, 17 November 2021 19:10:03 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC