RE: 10/02/2024 W3C Web Authentication Meeting Agenda from Michael Jones on 2024-10-02 (public-webauthn@w3.org from October 2024)

From: Michael Jones <michael_b_jones@hotmail.com>
Date: Wed, 2 Oct 2024 16:06:54 +0000
To: ANTHONY J NADALIN <nadalin@prodigy.net>, 'W3C Web Authn WG' <public-webauthn@w3.org>, "'Phillips, Addison'" <addison@lab126.com>, 'Christiaan Brand' <cbrand@google.com>, 'Ian Jacobs' <ij@w3.org>
Message-ID: <PH0PR02MB74307E1E14FDC0B81424B8F2B7702@PH0PR02MB7430.namprd02.prod.outlook.com>
Are we having the call today?  The WebAuthn calendar<https://www.w3.org/groups/wg/webauthn/calendar/> says that it's confirmed.  (But it also says that the calls on the 9th and 16th are confirmed.)

                                                                -- Mike

From: ANTHONY J NADALIN <nadalin@prodigy.net>
Sent: Tuesday, October 1, 2024 7:48 PM
To: 'Michael Jones' <michael_b_jones@hotmail.com>; 'W3C Web Authn WG' <public-webauthn@w3.org>; 'Phillips, Addison' <addison@lab126.com>; 'Christiaan Brand' <cbrand@google.com>; 'Ian Jacobs' <ij@w3.org>
Subject: 10/02/2024 W3C Web Authentication Meeting Agenda

Here is the agenda for the 08/14/2024 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at 12PM Pacific Time. Reminder that we will be using ZOOM from now on, please make sure you go to Web Authentication bi-weekly (w3.org)<https://www.w3.org/events/meetings/4bab6a90-bdb5-400f-ab87-64a7a852d86a/20230517T150000>

Select scribe please someone be willing to scribe so we can get down to the issues


  1.  Here is the link to the Level 2 Webauthn Recommendation  https://www.w3.org/TR/2021/REC-webaut<https://www.w3.org/TR/2021/REC-webauthn-2-20210408/>

  1.  L3 Target Publication Schedule discussion

     *   Deadline for wide review<https://www.w3.org/Consortium/Process/#wide-review>
Sunday, October 27 0024
     *   Group Call for Consensus (CfC)<https://w3c.github.io/charter-drafts/charter-template.html#decisions> to move to Candidate Recommendation, wide review<https://www.w3.org/Consortium/Process/#wide-review> is done
Monday, October 28 0024
     *   Transition request to Candidate Recommendation<https://www.w3.org/Guide/transitions?profile=CR&cr=new>
Thursday, November 7 0024

  1.  10/09/2024 WebAuthn Meeting CANCELLED

  1.  10/16/2024 WebAuthn Meeting CANCELLED (FIDO Pleanry)

  1.  L3 WD02 open pull requests and open issues


Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02>
1.      Deprecate rp.name by emlun · Pull Request #2159 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2159>
2.      Add userName and userDisplayName to webdriver by nsatragno · Pull Request #2148 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2148>
3.      Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2139>
4.      Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2111>


Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone>
1.      Add test vectors for PRF extension by emlun · Pull Request #2174 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2174>
2.      Acknowledge Zack Newman for reviews and contributions by emlun · Pull Request #2173 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2173>
3.      Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts by emlun · Pull Request #2171 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2171>
4.      Don't return an algorithm from [[DiscoverFromExternalSource]] by emlun · Pull Request #2168 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2168>
5.      Move extension processing to after signature verification, and modernize it by emlun · Pull Request #2167 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2167>
6.      Validate CollectedClientData.crossOrigin in RP ops by emlun · Pull Request #2166 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2166>
7.      Fix Unicode example syntax by emlun · Pull Request #2165 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2165>
8.      Add [credential record/authenticatorDisplayName] handling to RP operations by emlun · Pull Request #2163 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2163>
9.      Fix CredentialRequestOptions hyperlink by zacknewman · Pull Request #2161 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2161>
10.  Mark Android SafetyNet attestation as deprecated. by agl · Pull Request #2155 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2155>


Issues · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-02+>
1.      authenticatorDisplayName should use a localizable language map · Issue #2151 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2151>
2.      Add `userName` and `userDisplayName` to WebDriver's `Credential Parameters` JSON object · Issue #2143 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2143>
3.      Remove rp.name · Issue #2121 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2121>
4.      CollectedClientData.crossOrigin not referenced in RP ops · Issue #2113 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2113>
5.      [[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2092>
6.      create() and get() return an algorithm, not a credential · Issue #1984 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1984>
7.      Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1979>
8.      Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1968>
9.      [Superset] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1967>
10.  Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1962>
11.  Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1921>
12.  Update Authenticator Taxonomy examples section · Issue #1912 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1912>
13.  Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1800>
14.  Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1735>
15.  Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1720>
16.  Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1719>
17.  RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1711>
18.  Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1710>
19.  Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1705>
20.  Platform Errors for attestations. · Issue #1697 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1697>
21.  Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1678>
22.  Synced Credentials · Issue #1665 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1665>
23.  Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1646>
24.  [Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1645>
25.  Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1644>
26.  Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1643>
27.  Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1642>
28.  U+ notation incorrect · Issue #1641 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1641>
29.  Syncing Platform Keys, Recoverability and Security levels · Issue #1640 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1640>
30.  Possible experiences in a future WebAuthn · Issue #1637 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1637>
31.  Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1633>
32.  CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1631>
33.  Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1569>
34.  Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1568>
35.  double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1492>
36.  cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1489>
37.  Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1484>
38.  export definitions? · Issue #1049 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1049>

Issues · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone>

           *   Should race condition be added as a reason for a signature counter not increasing? · Issue #2172 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2172>

           *   [[Get]] method doesn't exist in CredMan · Issue #2169 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2169>

           *   [Editorial] platform authenticator relationship to WebAuthn Client and Client Device · Issue #2164 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2164>

           *   Authentication ceremony `options.publicKey` has the wrong hyperlink · Issue #2160 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2160>

           *   Providing AAGUID on Get · Issue #2157 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2157>

           *   Bit set by the SPC extension should backed up as part of the Public Key Credential Source · Issue #2153 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2153>

           *   Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2146>

           *   Cross-window `Virtual Authenticator Database` · Issue #2117 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2117>

           *   Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2106>

           *   Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2059>

           *   excludeCredentials on Get · Issue #2057 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2057>

           *   Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2053>

           *   xtension: Time Since UV · Issue #2034 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2034>

           *   Reflect caching of user gestures in WebAuthn assertion · Issue #2023 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2023>

           *   Revised txAuthSimple extension · Issue #2022 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2022>

           *   Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1856>

           *   Cross origin authentication without iframes (accommodating SPC in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1667>


4.   Other open issues or discussions
5.   Adjourn
Received on Wednesday, 2 October 2024 16:07:02 UTC