- From: Simone Onofri <simone@w3.org>
- Date: Thu, 3 Oct 2024 13:07:06 +0200
- To: Michael Jones <michael_b_jones@hotmail.com>
- Cc: ANTHONY J NADALIN <nadalin@prodigy.net>, W3C Web Authn WG <public-webauthn@w3.org>, "Phillips, Addison" <addison@lab126.com>, Christiaan Brand <cbrand@google.com>, Ian Jacobs <ij@w3.org>
Hi Michael,
we are trying to keep the Calendar updated, so yesterday we had the call.
Call for the 9th is confirmed, Nick will chair, and the one of 16th is cancelled (just sent the notification).
Thank you,
Simone
> On 2 Oct 2024, at 18:06, Michael Jones <michael_b_jones@hotmail.com> wrote:
>
> Are we having the call today? The WebAuthn calendar says that it’s confirmed. (But it also says that the calls on the 9th and 16th are confirmed.)
> -- Mike
> From: ANTHONY J NADALIN <nadalin@prodigy.net>
> Sent: Tuesday, October 1, 2024 7:48 PM
> To: 'Michael Jones' <michael_b_jones@hotmail.com>; 'W3C Web Authn WG' <public-webauthn@w3.org>; 'Phillips, Addison' <addison@lab126.com>; 'Christiaan Brand' <cbrand@google.com>; 'Ian Jacobs' <ij@w3.org>
> Subject: 10/02/2024 W3C Web Authentication Meeting Agenda Here is the agenda for the 08/14/2024 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at 12PM Pacific Time. Reminder that we will be using ZOOM from now on, please make sure you go to Web Authentication bi-weekly (w3.org)
> Select scribe please someone be willing to scribe so we can get down to the issues
>
> • Here is the link to the Level 2 Webauthn Recommendation https://www.w3.org/TR/2021/REC-webaut
> •
> L3 Target Publication Schedule discussion
> • Deadline for wide review
> Sunday, October 27 0024
> • Group Call for Consensus (CfC) to move to Candidate Recommendation, wide review is done
> Monday, October 28 0024
> •
> Transition request to Candidate Recommendation
> Thursday, November 7 0024
> • 10/09/2024 WebAuthn Meeting CANCELLED
> •
> 10/16/2024 WebAuthn Meeting CANCELLED (FIDO Pleanry)
> •
> L3 WD02 open pull requests and open issues
>
> Pull requests · w3c/webauthn (github.com)
> 1. Deprecate rp.name by emlun · Pull Request #2159 · w3c/webauthn (github.com)
> 2. Add userName and userDisplayName to webdriver by nsatragno · Pull Request #2148 · w3c/webauthn (github.com)
> 3. Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)
> 4. Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)
> Pull requests · w3c/webauthn (github.com)
> 1. Add test vectors for PRF extension by emlun · Pull Request #2174 · w3c/webauthn (github.com)
> 2. Acknowledge Zack Newman for reviews and contributions by emlun · Pull Request #2173 · w3c/webauthn (github.com)
> 3. Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts by emlun · Pull Request #2171 · w3c/webauthn (github.com)
> 4. Don't return an algorithm from [[DiscoverFromExternalSource]] by emlun · Pull Request #2168 · w3c/webauthn (github.com)
> 5. Move extension processing to after signature verification, and modernize it by emlun · Pull Request #2167 · w3c/webauthn (github.com)
> 6. Validate CollectedClientData.crossOrigin in RP ops by emlun · Pull Request #2166 · w3c/webauthn (github.com)
> 7. Fix Unicode example syntax by emlun · Pull Request #2165 · w3c/webauthn (github.com)
> 8. Add [credential record/authenticatorDisplayName] handling to RP operations by emlun · Pull Request #2163 · w3c/webauthn (github.com)
> 9. Fix CredentialRequestOptions hyperlink by zacknewman · Pull Request #2161 · w3c/webauthn (github.com)
> 10. Mark Android SafetyNet attestation as deprecated. by agl · Pull Request #2155 · w3c/webauthn (github.com)
> Issues · w3c/webauthn (github.com)
> 1. authenticatorDisplayName should use a localizable language map · Issue #2151 · w3c/webauthn (github.com)
> 2. Add `userName` and `userDisplayName` to WebDriver's `Credential Parameters` JSON object · Issue #2143 · w3c/webauthn (github.com)
> 3. Remove rp.name · Issue #2121 · w3c/webauthn (github.com)
> 4. CollectedClientData.crossOrigin not referenced in RP ops · Issue #2113 · w3c/webauthn (github.com)
> 5. [[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)
> 6. create() and get() return an algorithm, not a credential · Issue #1984 · w3c/webauthn (github.com)
> 7. Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)
> 8. Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)
> 9. [Superset] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)
> 10. Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)
> 11. Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)
> 12. Update Authenticator Taxonomy examples section · Issue #1912 · w3c/webauthn (github.com)
> 13. Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)
> 14. Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub
> 15. Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub
> 16. Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub
> 17. RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub
> 18. Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)
> 19. Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)
> 20. Platform Errors for attestations. · Issue #1697 · w3c/webauthn (github.com)
> 21. Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn · GitHub
> 22. Synced Credentials · Issue #1665 · w3c/webauthn · GitHub
> 23. Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)
> 24. [Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)
> 25. Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)
> 26. Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)
> 27. Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)
> 28. U+ notation incorrect · Issue #1641 · w3c/webauthn (github.com)
> 29. Syncing Platform Keys, Recoverability and Security levels · Issue #1640 · w3c/webauthn (github.com)
> 30. Possible experiences in a future WebAuthn · Issue #1637 · w3c/webauthn (github.com)
> 31. Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)
> 32. CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)
> 33. Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)
> 34. Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)
> 35. double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com)
> 36. cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com)
> 37. Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)
> 38. export definitions? · Issue #1049 · w3c/webauthn (github.com)
> Issues · w3c/webauthn · GitHub
> •
> Should race condition be added as a reason for a signature counter not increasing? · Issue #2172 · w3c/webauthn (github.com)
> •
> [[Get]] method doesn't exist in CredMan · Issue #2169 · w3c/webauthn (github.com)
> •
> [Editorial] platform authenticator relationship to WebAuthn Client and Client Device · Issue #2164 · w3c/webauthn (github.com)
> •
> Authentication ceremony `options.publicKey` has the wrong hyperlink · Issue #2160 · w3c/webauthn (github.com)
> •
> Providing AAGUID on Get · Issue #2157 · w3c/webauthn (github.com)
> •
> Bit set by the SPC extension should backed up as part of the Public Key Credential Source · Issue #2153 · w3c/webauthn (github.com)
> •
> Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)
> •
> Cross-window `Virtual Authenticator Database` · Issue #2117 · w3c/webauthn (github.com)
> •
> Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)
> •
> Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)
> •
> excludeCredentials on Get · Issue #2057 · w3c/webauthn (github.com)
> •
> Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn (github.com)
> •
> xtension: Time Since UV · Issue #2034 · w3c/webauthn (github.com)
> •
> Reflect caching of user gestures in WebAuthn assertion · Issue #2023 · w3c/webauthn (github.com)
> •
> Revised txAuthSimple extension · Issue #2022 · w3c/webauthn (github.com)
> •
> Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn (github.com)
> •
> Cross origin authentication without iframes (accommodating SPC in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub
>
> 4. Other open issues or discussions
> 5. Adjourn
Received on Thursday, 3 October 2024 11:07:40 UTC