Re: 05/17/2023 W3C Web Authentication Meeting

On a related note: the message template still includes the link to the old
call coordinates page, which is now outdated since the move to Zoom.
Perhaps that page itself might need to be garbage-collected too.

Emil Lundberg

Senior Software Engineer | Yubico <http://www.yubico.com/>




On Wed, May 17, 2023 at 10:07 AM ANTHONY J NADALIN <nadalin@prodigy.net>
wrote:

> Will do, I just forgot sorry
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
> ------------------------------
> *From:* Ian Jacobs <ij@w3.org>
> *Sent:* Tuesday, May 16, 2023 3:49:04 PM
> *To:* nadalin@prodigy.net <nadalin@prodigy.net>
> *Cc:* W3C Web Authn WG <public-webauthn@w3.org>; John Fontana <
> jfontana@yubico.com>; Phillips, Addison <addison@lab126.com>; Christiaan
> Brand <cbrand@google.com>
> *Subject:* Re: 05/17/2023 W3C Web Authentication Meeting
>
> Hi Tony,
>
> You can remove “Discussion with the WebPayments WG” from the agenda as we
> covered the necessary on 3 May:
>  https://www.w3.org/2023/05/03-webauthn-minutes#t01
>
> Thank you,
>
> Ian
>
> > On May 16, 2023, at 2:53 AM, <nadalin@prodigy.net> <nadalin@prodigy.net>
> wrote:
> >
> >  Here is the agenda for the 05/17/2023 W3C Web Authentication WG
> Meeting, that will take place as a 60 minute teleconference. Remember call
> is at NOON PDT. Reminder that we will be using ZOOM from now on, please
> make sure you go to Web Authentication bi-weekly (w3.org)
> >  . Select scribe please someone be willing to scribe so we can get down
> to the issues
> >
> >     • Here is the link to the Level 2 Webauthn Recommendation
> https://www.w3.org/TR/2021/REC-webauthn-2-20210408/
> >     • First Public Working Draft of Level 3 has now been published,
> https://www.w3.org/TR/webauthn-3/
> >     • PWG Update (John B.)
> >     • Next F2F at TPAC (TPAC 2023: Overview (w3.org)
> >     • Discussion with the WebPayments WG
> >
> >     • L3 WD01 open pull requests and open issues
> >  Pull requests · w3c/webauthn (github.com)
> >             • Recommend duration of challenge validity by emlun · Pull
> Request #1855 · w3c/webauthn (github.com)
> >             • Improve guidance around using UV by emlun · Pull Request
> #1774 · w3c/webauthn (github.com)
> >  Pull requests · w3c/webauthn · GitHub
> >     • Include the "Easily accessing credential data" fields in JSON. by
> agl · Pull Request #1887 · w3c/webauthn · GitHub
> >     • Adjust timeout for create and get operations by akshayku · Pull
> Request #1885 · w3c/webauthn · GitHub
> >     • Add a `hints` element for both `create` and `get`. by agl · Pull
> Request #1884 · w3c/webauthn · GitHub
> >     • Add userDisplayName and vendorDisplayName to credProps by emlun ·
> Pull Request #1880 · w3c/webauthn · GitHub
> >     • Mark all JSON fields as required. by agl · Pull Request #1878 ·
> w3c/webauthn (github.com)
> >  Issues · w3c/webauthn (github.com)
> >             • Prescriptive behaviours for Autofill UI · Issue #1800 ·
> w3c/webauthn (github.com)
> >             • Enforce backup eligibility during assertion · Issue #1791
> · w3c/webauthn (github.com)
> >             • Facility for an RP to indicate a change of displayName to
> a discoverable credential · Issue #1779 · w3c/webauthn (github.com)
> >             • Should enterprise attestation support be flagged
> explicitly? · Issue #1742 · w3c/webauthn · GitHub
> >             • Attestation on Get Assertion · Issue #1741 · w3c/webauthn
> · GitHub
> >             • Discussing mechanisms for enterprise RP's to enforce bound
> properties of credentials · Issue #1739 · w3c/webauthn · GitHub
> >             • Provide passwordless example, or update 1.3.2. to be a
> passwordless example · Issue #1735 · w3c/webauthn · GitHub
> >             • Update top level use cases to account for multi-device
> credentials · Issue #1720 · w3c/webauthn · GitHub
> >             • Public Key Credential Source and Extensions · Issue #1719
> · w3c/webauthn · GitHub
> >             • RP operations: some extension processing may assume that
> the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub
> >             • Split RP ops "Registering a new credential" into one with
> and one without attestation · Issue #1710 · w3c/webauthn (github.com)
> >             • Switch to permissive copyright license? · Issue #1705 ·
> w3c/webauthn (github.com)
> >             • Platform Errors for attestations. · Issue #1697 ·
> w3c/webauthn (github.com)
> >             • Should an RP be able to provide finer grained
> authenticator filtering in attestation options? · Issue #1688 ·
> w3c/webauthn (github.com)
> >             • Lookup Credential Source by Credential ID Algorithm
> returns sensitive data such as the credential private key · Issue #1678 ·
> w3c/webauthn · GitHub
> >             • Synced Credentials · Issue #1665 · w3c/webauthn · GitHub
> >             • Cross-origin credential creation in iframes · Issue #1656
> · w3c/webauthn (github.com)
> >             • Trailing position of metadata · Issue #1646 · w3c/webauthn
> (github.com)
> >             • [Editorial] Truncation description inaccurate · Issue
> #1645 · w3c/webauthn (github.com)
> >             • Mechanism for encoding *direction* metadata may need more
> work · Issue #1644 · w3c/webauthn (github.com)
> >             • Use of in-field metadata not preferred · Issue #1643 ·
> w3c/webauthn (github.com)
> >             • Unicode "tag" characters are deprecated for language
> tagging · Issue #1642 · w3c/webauthn (github.com)
> >             • U+ notation incorrect · Issue #1641 · w3c/webauthn (
> github.com)
> >             • Syncing Platform Keys, Recoverability and Security levels
> · Issue #1640 · w3c/webauthn (github.com)
> >             • Possible experiences in a future WebAuthn · Issue #1637 ·
> w3c/webauthn (github.com)
> >             • reference CTAP2.1 PS spec and fix broken link · Issue
> #1635 · w3c/webauthn (github.com)
> >             • Missing Test Vectors · Issue #1633 · w3c/webauthn (
> github.com)
> >             • CollectedClientData.crossOrigin default value and whether
> it is required · Issue #1631 · w3c/webauthn (github.com)
> >             • Support for remote desktops · Issue #1577 · w3c/webauthn (
> github.com)
> >             • Prevent browsers from deleting credentials that the RP
> wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)
> >             • Support a "create or get [or replace]" credential
> re-association operation · Issue #1568 · w3c/webauthn (github.com)
> >             • Adding info about HSTS for the RPID to client Data. ·
> Issue #1554 · w3c/webauthn (github.com)
> >             • Making PublicKeyCredentialDescriptor.transports mandatory
> · Issue #1522 · w3c/webauthn (github.com)
> >             • double check whether the Secure Payment Confirmation
> effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (
> github.com)
> >             • cleanup <pre class=anchors> and use <pre
> class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (
> github.com)
> >             • Regarding the issue of Credential ID exposure(13.5.6),
> from what perspective should RP compare RK and NRK and which should be
> adopted? · Issue #1484 · w3c/webauthn (github.com)
> >             • Personal information updates & webauthn · Issue #1456 ·
> w3c/webauthn (github.com)
> >             • Requesting properties of created credentials. · Issue
> #1449 · w3c/webauthn (github.com)
> >             • More explicitly document use cases · Issue #1389 ·
> w3c/webauthn (github.com)
> >             • Addition of a network transport · Issue #1381 ·
> w3c/webauthn (github.com)
> >             • Minor cleanups from PR 1270 review · Issue #1291 ·
> w3c/webauthn (github.com)
> >             • Clearly define the way how RP handles the extensions ·
> Issue #1258 · w3c/webauthn (github.com)
> >             • add feature detection blurb... · Issue #1208 ·
> w3c/webauthn (github.com)
> >             • think about adding note wrt how client platform might
> obtain authenticator capabilities · Issue #1207 · w3c/webauthn (github.com
> )
> >             • Update name, displayname and icon for RP and user · Issue
> #1200 · w3c/webauthn (github.com)
> >             • export definitions? · Issue #1049 · w3c/webauthn (
> github.com)
> >             • ReIssues · w3c/webauthn (github.com)covering from Device
> Loss · Issue #931 · w3c/webauthn (github.com)
> >             • undefined terms and terms we really ought to define ·
> Issue #462 · w3c/webauthn (github.com)
> >  Issues · w3c/webauthn · GitHub
> >     • Clarify how the given origin in the ClientDataJSON matches to the
> expected one · Issue #1889 · w3c/webauthn · GitHub
> >     • Clarify browser behavior when an authenticators return equivalent
> of "InvalidStateError" · Issue #1888 · w3c/webauthn · GitHub
> >     • Adjust timeout for create and get operations · Issue #1886 ·
> w3c/webauthn · GitHub
> >     • Clarify how to differentiate between exceptions · Issue #1859 ·
> w3c/webauthn (github.com)
> >     • Clarify the need for truly randomly generated challenges · Issue
> #1856 · w3c/webauthn (github.com)
> >     • Allow conditional and modal flows to run simultaneously · Issue
> #1854 · w3c/webauthn (github.com)
> >     • Add a new "note" to registration options for RP's to help users
> distinguish credentials · Issue #1852 · w3c/webauthn (github.com)
> >     • Add topOrigin to clientData for cross-origin GET in iframe · Issue
> #1842 · w3c/webauthn (github.com)
> >     • "android-key" and "android-safetynet" are really basic attestation
> type support? · Issue #1819 · w3c/webauthn (github.com)
> >     • Dependencies section is out of date and duplicates terms index ·
> Issue #1797 · w3c/webauthn (github.com)
> >     • Enterprise attestaion is a bool in WebAuthn and an Int in CTAP2.1
> · Issue #1795 · w3c/webauthn (github.com)
> >     • Better specify what an unknown type credential descriptor being
> ignored means · Issue #1748 · w3c/webauthn (github.com)
> >     • Spec abstract is out of date on the eve of multi-device
> credentials and cross-device auth · Issue #1743 · w3c/webauthn (github.com
> )
> >     • Cross origin authentication without iframes (accommodating SPC in
> WebAuthn) · Issue #1667 · w3c/webauthn · GitHub
> >    4.   Other open issues
> > 5.   Adjourn
> > Because of toll fraud issues MIT has been experiencing, I've been asked
> to change our call coordinates and password and, as an ongoing thing, not
> distribute the call coordinates publicly. That means not including the
> WebEx call number or URL in our agendas or minutes.
> >  You can find the new call coordinates at this link, accessible with
> your W3C member login credentials.
> > https://www.w3.org/2016/01/webauth-password.html     Get Outlook for
> Android
>
>
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 917 450 8783
>
>
>
>
>
>

Received on Wednesday, 17 May 2023 19:07:46 UTC