10/30/2024 W3C Web Authentication Meeting Agenda from ANTHONY J NADALIN on 2024-10-29 (public-webauthn@w3.org from October 2024)

From: ANTHONY J NADALIN <nadalin@prodigy.net>
Date: Tue, 29 Oct 2024 16:31:15 +0000
To: 'Michael Jones' <michael_b_jones@hotmail.com>, 'W3C Web Authn WG' <public-webauthn@w3.org>, "'Phillips, Addison'" <addison@lab126.com>, 'Christiaan Brand' <cbrand@google.com>, 'Ian Jacobs' <ij@w3.org>
Message-ID: <SA1P223MB09701CB8D77BCDE84FD2F0CDAA4B2@SA1P223MB0970.NAMP223.PROD.OUTLOOK.COM>
Here is the agenda for the 10/30/2024 W3C Web Authentication WG Meeting, that will take place as a 60 minute teleconference. Remember call is at 12PM Pacific Time. Reminder that we will be using ZOOM from now on, please make sure you go to Web Authentication bi-weekly (w3.org)<https://www.w3.org/events/meetings/4bab6a90-bdb5-400f-ab87-64a7a852d86a/20230517T150000>

Select scribe please someone be willing to scribe so we can get down to the issues


  1.
Here is the link to the Level 2 Webauthn Recommendation  https://www.w3.org/TR/2021/REC-webaut<https://www.w3.org/TR/2021/REC-webauthn-2-20210408/>
  2.
L3 Target Publication Schedule discussion
     *
Deadline for wide review<https://www.w3.org/Consortium/Process/#wide-review>
Wednesday 13  2024
     *
Group Call for Consensus (CfC)<https://w3c.github.io/charter-drafts/charter-template.html#decisions> to move to Candidate Recommendation, wide review<https://www.w3.org/Consortium/Process/#wide-review> is done
Wednesday 13, 0024
     *
Transition request to Candidate Recommendation<https://www.w3.org/Guide/transitions?profile=CR&cr=new>
Thursday, November 20 0024

  1.
11/06/2024 WebAuthn Meeting CANCELLED (IETF Dublin)
  2.
Move all L3 Open Issues to Future
  3.
L3 WD02 open pull requests and open issues



Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02>

  1.
Move extension processing to after signature verification, and modernize it by emlun · Pull Request #2167 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2167>
  2.
Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2139>
  3.
Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pull/2111>



Pull requests · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone>

  1.
Mozilla feedback: Related Origins by timcappalli · Pull Request #2186 · w3c/webauthn<https://github.com/w3c/webauthn/pull/2186>


Issues · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-02+>

  1.
[[Get]] method doesn't exist in CredMan · Issue #2169 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2169>
  2.
[Editorial] platform authenticator relationship to WebAuthn Client and Client Device · Issue #2164 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2164>
  3.
authenticatorDisplayName should use a localizable language map · Issue #2151 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2151>
  4.
[[Create]] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2092>
  5.
Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1979>
  6.
Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1968>
  7.
[Superset] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1967>
  8.
Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1962>
  9.
Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1921>
  10.
Update Authenticator Taxonomy examples section · Issue #1912 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1912>
  11.
Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1800>
  12.
Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1735>
  13.
Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1720>
  14.
Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1719>
  15.
RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1711>
  16.
Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1710>
  17.
Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1705>
  18.
Platform Errors for attestations. · Issue #1697 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1697>
  19.
Synced Credentials · Issue #1665 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1665>
  20.
Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1646>
  21.
[Editorial] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1645>
  22.
Mechanism for encoding *direction* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1644>
  23.
Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1643>
  24.
Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1642>
  25.
Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1633>
  26.
CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1631>
  27.
Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1569>
  28.
Support a "create or get [or replace]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1568>
  29.
double check whether the Secure Payment Confirmation effort has implications on the WebAuthn spec · Issue #1492 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1492>
  30.
cleanup <pre class=anchors> and use <pre class="link-defaults"> as appropriate · Issue #1489 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1489>
  31.
Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1484>
  32.
export definitions? · Issue #1049 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1049>


Issues · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone>

           *
Remove authenticatorDisplayName from L3 · Issue #2187 · w3c/webauthn<https://github.com/w3c/webauthn/issues/2187>
           *
Bit set by the SPC extension should backed up as part of the Public Key Credential Source · Issue #2153 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2153>
           *
Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2146>
           *
Cross-window `Virtual Authenticator Database` · Issue #2117 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2117>
           *
Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2106>
           *
Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2059>
           *
excludeCredentials on Get · Issue #2057 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2057>
           *
Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2053>
           *
xtension: Time Since UV · Issue #2034 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2034>
           *
Reflect caching of user gestures in WebAuthn assertion · Issue #2023 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2023>
           *
Revised txAuthSimple extension · Issue #2022 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/2022>
           *
Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn (github.com)<https://github.com/w3c/webauthn/issues/1856>
           *
Cross origin authentication without iframes (accommodating SPC in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub<https://github.com/w3c/webauthn/issues/1667>



4.   Other open issues or discussions
5.   Adjourn
Received on Tuesday, 29 October 2024 16:32:36 UTC