11/13/2024 W3C Web Authentication Meeting Agenda from ANTHONY J NADALIN on 2024-11-13 (public-webauthn@w3.org from November 2024)

From: ANTHONY J NADALIN <nadalin@prodigy.net>
Date: Wed, 13 Nov 2024 01:53:02 +0000
To: 'Michael Jones' <michael_b_jones@hotmail.com>, 'W3C Web Authn WG' <public-webauthn@w3.org>, "'Phillips, Addison'" <addison@lab126.com>, 'Christiaan Brand' <cbrand@google.com>, 'Ian Jacobs' <ij@w3.org>
Message-ID: <SA1P223MB097094F2C6C28F7581BEC382AA5A2@SA1P223MB0970.NAMP223.PROD.OUTLOOK.COM>
Here is the agenda for the 11/13/2024 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at 12PM Pacific Time. Reminder that we will be using ZOOM from now on, please make sure you go to Web Authentication bi-weekly (w3.org)<https://www.w3.org/events/meetings/4bab6a90-bdb5-400f-ab87-64a7a852d86a/20230517T150000>

Select scribe please someone be willing to scribe so we can get down to the issues


  1.
Here is the link to the Level 2 Webauthn Recommendation  https://www.w3.org/TR/2021/REC-webaut<https://www.w3.org/TR/2021/REC-webauthn-2-20210408/>
  2.
L3 Target Publication Schedule discussion
     *
Deadline for wide review<https://www.w3.org/Consortium/Process/#wide-review>
Wednesday 13  2024
     *
Group Call for Consensus (CfC)<https://w3c.github.io/charter-drafts/charter-template.html#decisions> to move to Candidate Recommendation, wide review<https://www.w3.org/Consortium/Process/#wide-review> is done
Wednesday 13, 0024
     *
Transition request to Candidate Recommendation<https://www.w3.org/Guide/transitions?profile=CR&cr=new>
Thursday, November 20 0024

  1.
Call for Wide Review
  2.
Call for Candidate Recommendation
  3.
12/04/2024 WebAuthn Meeting CANCELLED
  4.
12/15/2024 WebAuthn Meeting CANCELLED
  5.
Move all L3 Open Issues to Future
  6.
L3 WD02 open pull requests and open issues



Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02>

  1.
Clarify use creating and verifying TPM attestation statements. by mwiseman-byid · Pull Request #2193 · w3c/webauthn<https://github.com/w3c/webauthn/pull/2193>
  2.
Move extension processing to after signature verification, and modernize it by emlun · Pull Request #2167 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2167>
  3.
Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2139>
  4.
Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2111>



Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone>

  1.
Mozilla feedback: Related Origins by timcappalli · Pull Request #2186 · w3c/webauthn<https://github.com/w3c/webauthn/pull/2186>


Issues · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-02+>

  1.
[[Get]] method doesn't exist in CredMan · Issue #2169 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2169>

  1.
[Editorial] platform authenticator relationship to WebAuthn Client and Client Device · Issue #2164 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2164>
  2.
authenticatorDisplayName should use a localizable language map · Issue #2151 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2151>
  3.
[[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2092>
  4.
Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1979>
  5.
Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1968>
  6.
[Superset] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1967>
  7.
Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1962>
  8.
Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1921>
  9.
Update Authenticator Taxonomy examples section · Issue #1912 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1912>
  10.
Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1800>
  11.
Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1735>
  12.
Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1720>
  13.
Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1719>
  14.
RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1711>
  15.
Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1710>
  16.
Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1705>
  17.
Platform Errors for attestations. · Issue #1697 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1697>
  18.
Synced Credentials · Issue #1665 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1665>
  19.
Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1646>
  20.
[Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1645>
  21.
Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1644>
  22.
Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1643>
  23.
Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1642>
  24.
Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1633>
  25.
CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1631>
  26.
Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1569>
  27.
Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1568>
  28.
double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1492>
  29.
cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1489>
  30.
Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1484>
  31.
export definitions? · Issue #1049 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1049>


Issues · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone>

           *
The authenticator may hide the credential even if the RP signals unknown credentials · Issue #2192 · w3c/webauthn<https://github.com/w3c/webauthn/issues/2192>
           *
Bit set by the SPC extension should backed up as part of the Public Key Credential Source · Issue #2153 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2153>
           *
Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2146>
           *
Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2106>
           *
Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2059>
           *
De<https://github.com/w3c/webauthn/issues/2053>CollectedClientData serialization is confusing WebIDL and/or Infra values for ECMAScript values · Issue #2056 · w3c/webauthn<https://github.com/w3c/webauthn/issues/2056>



4.   Other open issues or discussions
5.   Adjourn
Received on Wednesday, 13 November 2024 01:53:40 UTC