- From: <nadalin@prodigy.net>
- Date: Tue, 5 Apr 2022 17:20:24 -0700
- To: "'W3C Web Authn WG'" <public-webauthn@w3.org>, "'John Fontana'" <jfontana@yubico.com>, "'Phillips, Addison'" <addison@lab126.com>, "'Christiaan Brand'" <cbrand@google.com>
- Message-ID: <030101d8494c$1c542b90$54fc82b0$@prodigy.net>
Here is the agenda for the 04/06/2022 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at NOON PDT Select scribe please someone be willing to scribe so we can get down to the issues 1. Here is the link to the Level 2 Webauthn Recommendation https://www.w3.org/TR/2021/REC-webauthn-2-20210408/ 2. First Public Working Draft of Level 3 has now been published, https://www.w3.org/TR/webauthn-3/ 3. Face-to-Face June 9th in San Francisco (Tim C.) 4. SPWG Update (John B.) 5. Draft Charter https://w3c.github.io/charter-drafts/2021/webauthn-2021.html status (Wendy) extended again. 6. Copyright Licensing update/discussion (Wendy) 7. I18N Issues 8. L3 WD01 open pull requests and open issues Pull requests <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD -01> . w3c/webauthn (github.com) 1. Change UV check step from passive to active voice by emlun <https://github.com/w3c/webauthn/pull/1704> . Pull Request #1704 . w3c/webauthn (github.com) 2. New PublicKeyCredential methods for JSON (de)serialization by MasterKale <https://github.com/w3c/webauthn/pull/1703> . Pull Request #1703 . w3c/webauthn . GitHub 3. backup states in authenticator data by timcappalli <https://github.com/w3c/webauthn/pull/1695> . Pull Request #1695 . w3c/webauthn (github.com)device public key extension by equalsJeffH <https://github.com/w3c/webauthn/pull/1663> . Pull Request #1663 . w3c/webauthn . GitHub 4. conditional UI via mediation by equalsJeffH <https://github.com/w3c/webauthn/pull/1576> . Pull Request #1576 . w3c/webauthn (github.com) 5. Add recovery extension by emlun <https://github.com/w3c/webauthn/pull/1425> . Pull Request #1425 . w3c/webauthn (github.com) 6. Ask for tests for normative changes in CONTRIBUTING.md by foolip <https://github.com/w3c/webauthn/pull/653> . Pull Request #653 . w3c/webauthn (github.com) Pull requests <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone> . w3c/webauthn . GitHub 1. Add explainer for remote desktop support by kreichgauer <https://github.com/w3c/webauthn/pull/1717> . Pull Request #1717 . w3c/webauthn . GitHub 2. Updates based on DOM's abort reason by nidhijaju <https://github.com/w3c/webauthn/pull/1706> . Pull Request #1706 . w3c/webauthn . GitHub Issues <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL 3-WD-01> . w3c/webauthn (github.com) 1. use <https://github.com/w3c/webauthn/issues/1707> "public key credential source" consistently . Issue #1707 . w3c/webauthn . GitHub 2. DPK attestation may create possible side channel attack on the batch key. <https://github.com/w3c/webauthn/issues/1701> . Issue #1701 . w3c/webauthn (github.com) 3. Clarification needed regarding meaning of <https://github.com/w3c/webauthn/issues/1699> "user verification is required" . Issue #1699 . w3c/webauthn (github.com) 4. Platform Errors for attestations. <https://github.com/w3c/webauthn/issues/1697> . Issue #1697 . w3c/webauthn (github.com) 5. Updating IANA WebAuthn Registries for Level 2 <https://github.com/w3c/webauthn/issues/1694> . Issue #1694 . w3c/webauthn (github.com) 6. Backup state of credentials <https://github.com/w3c/webauthn/issues/1692> . Issue #1692 . w3c/webauthn (github.com) 7. should reference <https://github.com/w3c/webauthn/issues/1689> "attestation statement format" registry instead of "extensions" registry . Issue #1689 . w3c/webauthn . GitHub 8. Should an RP be able to provide finer grained authenticator filtering in attestation options? <https://github.com/w3c/webauthn/issues/1688> . Issue #1688 . w3c/webauthn (github.com) 9. Provide request deserialization, response serialization <https://github.com/w3c/webauthn/issues/1683> . Issue #1683 . w3c/webauthn (github.com) 10. Fix the <https://github.com/w3c/webauthn/issues/1682> "aborted flag" reference . Issue #1682 . w3c/webauthn . GitHub 11. Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key <https://github.com/w3c/webauthn/issues/1678> . Issue #1678 . w3c/webauthn . GitHub 12. Synced Credentials <https://github.com/w3c/webauthn/issues/1665> . Issue #1665 . w3c/webauthn . GitHub 13. Device-bound key extension <https://github.com/w3c/webauthn/issues/1658> . Issue #1658 . w3c/webauthn (github.com) 14. Cross-origin credential creation in iframes <https://github.com/w3c/webauthn/issues/1656> . Issue #1656 . w3c/webauthn (github.com) 15. Trailing position of metadata <https://github.com/w3c/webauthn/issues/1646> . Issue #1646 . w3c/webauthn (github.com) 16. [Editorial] Truncation description inaccurate <https://github.com/w3c/webauthn/issues/1645> . Issue #1645 . w3c/webauthn (github.com) 17. Mechanism for encoding *direction* metadata may need more work <https://github.com/w3c/webauthn/issues/1644> . Issue #1644 . w3c/webauthn (github.com) 18. Use of in-field metadata not preferred <https://github.com/w3c/webauthn/issues/1643> . Issue #1643 . w3c/webauthn (github.com) 19. Unicode <https://github.com/w3c/webauthn/issues/1642> "tag" characters are deprecated for language tagging . Issue #1642 . w3c/webauthn (github.com) 20. U+ notation incorrect <https://github.com/w3c/webauthn/issues/1641> . Issue #1641 . w3c/webauthn (github.com) 21. Syncing Platform Keys, Recoverability and Security levels <https://github.com/w3c/webauthn/issues/1640> . Issue #1640 . w3c/webauthn (github.com) 22. Possible experiences in a future WebAuthn <https://github.com/w3c/webauthn/issues/1637> . Issue #1637 . w3c/webauthn (github.com) 23. reference CTAP2.1 PS spec and fix broken link <https://github.com/w3c/webauthn/issues/1635> . Issue #1635 . w3c/webauthn (github.com) 24. Missing Test Vectors <https://github.com/w3c/webauthn/issues/1633> . Issue #1633 . w3c/webauthn (github.com) 25. CollectedClientData.crossOrigin default value and whether it is required <https://github.com/w3c/webauthn/issues/1631> . Issue #1631 . w3c/webauthn (github.com) 26. Support for remote desktops <https://github.com/w3c/webauthn/issues/1577> . Issue #1577 . w3c/webauthn (github.com) 27. Prevent browsers from deleting credentials that the RP wanted to be server-side <https://github.com/w3c/webauthn/issues/1569> . Issue #1569 . w3c/webauthn (github.com) 28. Support a <https://github.com/w3c/webauthn/issues/1568> "create or get [or replace]" credential re-association operation . Issue #1568 . w3c/webauthn (github.com) 29. Questions about user handle when supporting usernameless <https://github.com/w3c/webauthn/issues/1559> . Issue #1559 . w3c/webauthn (github.com) 30. Move step 16 of Registration to between 21 and 22 <https://github.com/w3c/webauthn/issues/1555> . Issue #1555 . w3c/webauthn (github.com) 31. Adding info about HSTS for the RPID to client Data. <https://github.com/w3c/webauthn/issues/1554> . Issue #1554 . w3c/webauthn (github.com) 32. Add support for non-modal UI <https://github.com/w3c/webauthn/issues/1545> . Issue #1545 . w3c/webauthn (github.com) 33. Making PublicKeyCredentialDescriptor.transports mandatory <https://github.com/w3c/webauthn/issues/1522> . Issue #1522 . w3c/webauthn (github.com) 34. double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec <https://github.com/w3c/webauthn/issues/1492> . Issue #1492 . w3c/webauthn (github.com) 35. cleanup <https://github.com/w3c/webauthn/issues/1489> <pre class=anchors> and use <pre class="link-defaults"> as appropriate . Issue #1489 . w3c/webauthn (github.com) 36. Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? <https://github.com/w3c/webauthn/issues/1484> . Issue #1484 . w3c/webauthn (github.com) 37. Move PRF Extension into its own specification <https://github.com/w3c/webauthn/issues/1462> . Issue #1462 . w3c/webauthn (github.com) 38. Personal information updates <https://github.com/w3c/webauthn/issues/1456> & webauthn . Issue #1456 . w3c/webauthn (github.com) 39. Requesting properties of created credentials. <https://github.com/w3c/webauthn/issues/1449> . Issue #1449 . w3c/webauthn (github.com) 40. PublicKeyCredentialParameters can't select curve (E.g. ed448) <https://github.com/w3c/webauthn/issues/1446> . Issue #1446 . w3c/webauthn (github.com) 41. <https://github.com/w3c/webauthn/issues/1421> "privacy ca" term in images/fido-attestation-structures.svg . Issue #1421 . w3c/webauthn (github.com) 42. More explicitly document use cases <https://github.com/w3c/webauthn/issues/1389> . Issue #1389 . w3c/webauthn (github.com) 43. Addition of a network transport <https://github.com/w3c/webauthn/issues/1381> . Issue #1381 . w3c/webauthn (github.com) 44. Minor cleanups from PR 1270 review <https://github.com/w3c/webauthn/issues/1291> . Issue #1291 . w3c/webauthn (github.com) 45. Specify authenticator attachment for authentication operation <https://github.com/w3c/webauthn/issues/1267> . Issue #1267 . w3c/webauthn (github.com) 46. Clearly define the way how RP handles the extensions <https://github.com/w3c/webauthn/issues/1258> . Issue #1258 . w3c/webauthn (github.com) 47. add feature detection blurb... <https://github.com/w3c/webauthn/issues/1208> . Issue #1208 . w3c/webauthn (github.com) 48. think about adding note wrt how client platform might obtain authenticator capabilities <https://github.com/w3c/webauthn/issues/1207> . Issue #1207 . w3c/webauthn (github.com) 49. Update name, displayname and icon for RP and user <https://github.com/w3c/webauthn/issues/1200> . Issue #1200 . w3c/webauthn (github.com) 50. export definitions? <https://github.com/w3c/webauthn/issues/1049> . Issue #1049 . w3c/webauthn (github.com) 51. Recovering from Device Loss <https://github.com/w3c/webauthn/issues/931> . Issue #931 . w3c/webauthn (github.com) 52. undefined terms and terms we really ought to define <https://github.com/w3c/webauthn/issues/462> . Issue #462 . w3c/webauthn (github.com) Issues <https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat %3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone> . w3c/webauthn (github.com) 1. Credential Creation Options are inconsistent to Request <https://github.com/w3c/webauthn/issues/1716> . Issue #1716 . w3c/webauthn . GitHub 2. Process to report non-compliant credentials <https://github.com/w3c/webauthn/issues/1713> . Issue #1713 . w3c/webauthn . GitHub 3. RP operations: some extension processing may assume that the encompassing signature is valid <https://github.com/w3c/webauthn/issues/1711> . Issue #1711 . w3c/webauthn . GitHub 4. Split RP ops <https://github.com/w3c/webauthn/issues/1710> "Registering a new credential" into one with and one without attestation . Issue #1710 . w3c/webauthn . GitHub 5. Why not make things simple? <https://github.com/w3c/webauthn/issues/1709> . Issue #1709 . w3c/webauthn . GitHub 6. Advice on language to use? <https://github.com/w3c/webauthn/issues/1708> . Issue #1708 . w3c/webauthn . GitHub 7. Switch to permissive copyright license? <https://github.com/w3c/webauthn/issues/1705> . Issue #1705 . w3c/webauthn . GitHub 8. caBLE for Payments <https://github.com/w3c/webauthn/issues/1681> . Issue #1681 . w3c/webauthn (github.com) 9. Cross origin authentication without iframes <https://github.com/w3c/webauthn/issues/1667> . Issue #1667 . w3c/webauthn (github.com) 4. Other open issues 5. Adjourn Because of toll fraud issues MIT has been experiencing, I've been asked to change our call coordinates and password and, as an ongoing thing, not distribute the call coordinates publicly. That means not including the WebEx call number or URL in our agendas or minutes. You can find the new call coordinates at this link, accessible with your W3C member login credentials. https://www.w3.org/2016/01/webauth-password.html <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.or g%2F2016%2F01%2Fwebauth-password.html&data=04%7C01%7Ctonynad%40microsoft.com %7C9cd59d2cfccb46b0986d08d82dcf4b7c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7 C0%7C637309715629125857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=rRnXdea9sqPx%2B7Z8fbc7bv %2F5nY%2BLZStYSARGKVdH1pA%3D&reserved=0> Get Outlook for Android <https://aka.ms/ghei36>
Received on Wednesday, 6 April 2022 00:20:39 UTC