Event Updated: Web Authentication Working Group

[View this event in your browser](https://www.w3.org/events/meetings/6469898c-678d-46e7-8d8e-4c9c8b1bb7cf/)

 Web Authentication Working Group Upcoming Confirmed
====================================================

 24 September 2024, 09:00 -16:00 America/Los\_Angeles

  -1 Lower Level - Catalina 6

[ Web Authentication Working Group ](https://www.w3.org/groups/wg/webauthn/calendar/) Agenda
------

[Agenda](https://docs.google.com/document/d/1QrFg2JP-V7Ey9YDS2zXzUBZBg8ovhL2Ja4CD433PwFE/edit)### L3 Target Publication Schedule discussion

1. Deadline for [wide review](https://www.w3.org/Consortium/Process/#wide-review) Sunday, October 27 0024
2. [Group Call for Consensus (CfC)](https://w3c.github.io/charter-drafts/charter-template.html#decisions) to move to Candidate Recommendation, [wide review](https://www.w3.org/Consortium/Process/#wide-review) is done Monday, October 28 0024
3. Transition request to [Candidate Recommendation](https://www.w3.org/Guide/transitions?profile=CR&cr=new) Thursday, November 7 0024

### L3 WD02 open pull requests and open issues

[Issues · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues?q=is%3Aopen+label%3Atype%3Atechnical+milestone%3AL3-WD-02) (30 open technical issues on L3 to resolve or move to futures)

[Pull requests · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+label%3Atype%3Atechnical+milestone%3AL3-WD-02) (3 technical pull requests on L3 to resolve or move to futures)

#### [Pull requests · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02)

1. [Add userName and userDisplayName to webdriver by nsatragno · Pull Request #2148 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2148)
2. [Clarify behaviour of duplicate hints by emlun · Pull Request #2145 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2145)
3. [Update Use Cases for L3 by timcappalli · Pull Request #2139 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2139)
4. [Update obsolete privacy concerns about throwing errors early by emlun · Pull Request #2134 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2134)
5. [Clarify meaning of "unless" in UP flag validation by emlun · Pull Request #2126 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2126)
6. [Cleanup: Manual References by timcappalli · Pull Request #2111 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2111)
7. <https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+milestone%3AL3-WD-02>
8. [Clarify TPM attestation verification instructions by sbweeden · Pull Request #1926 · w3c/webauthn (github.com](https://github.com/w3c/webauthn/pull/1926)

#### [Pull requests · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pulls?q=is%3Aopen+is%3Apr+no%3Amilestone)

1. [Exclude all platform authenticators that use self attesation from hav… by zacknewman · Pull Request #2150 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2150)
2. [Remove bikeshed workaround by dwaite · Pull Request #2149 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/pull/2149)

#### [Issues · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+milestone%3AL3-WD-02+)

1. [Add `userName` and `userDisplayName` to WebDriver's `Credential Parameters` JSON object · Issue #2143 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2143)
2. [Clarify behaviour of duplicate hints · Issue #2135 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2135)
3. [Review privacy concerns around error conditions · Issue #2132 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2132)
4. [Remove rp.name · Issue #2121 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2121)
5. [CollectedClientData.crossOrigin not referenced in RP ops · Issue #2113 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2113)
6. [UTF-8 decode should not be required for response.clientDataJSON and cData · Issue #2100 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2100)
7. [\[\[Create\]\] should not access the global object directly · Issue #2092 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2092)
8. [create() and get() return an algorithm, not a credential · Issue #1984 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1984)
9. [Ambiguous instructions in the Android Key Attestation Statement Format verification procedure · Issue #1980 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1980)
10. [Are notes in webauthn normative or informative? · Issue #1979 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1979)
11. [Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON · Issue #1968 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1968)
12. [\[Superset\] Updating credential metadata and requesting deletion of stale credentials · Issue #1967 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1967)
13. [Should credentials requested with attestation=none include an AAGUID? · Issue #1962 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1962)
14. [Non-modal registration during conditional assertion · Issue #1929 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1929)
15. [Adding some sentences to describe credential sharing between multiple users · Issue #1921 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1921)
16. [Allow desired attestation format to be an ordered list · Issue #1917 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1917)
17. [Describe packed enterprise attestation · Issue #1916 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1916)
18. [Misaligned steps in Section 7.2 · Issue #1913 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1913)
19. [Prescriptive behaviours for Autofill UI · Issue #1800 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1800)
20. [Should enterprise attestation support be flagged explicitly? · Issue #1742 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1742)
21. [Discussing mechanisms for enterprise RP's to enforce bound properties of credentials · Issue #1739 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1739)
22. [Provide passwordless example, or update 1.3.2. to be a passwordless example · Issue #1735 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1735)
23. [Update top level use cases to account for multi-device credentials · Issue #1720 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1720)
24. [Public Key Credential Source and Extensions · Issue #1719 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1719)
25. [RP operations: some extension processing may assume that the encompassing signature is valid · Issue #1711 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1711)
26. [Split RP ops "Registering a new credential" into one with and one without attestation · Issue #1710 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1710)
27. [Switch to permissive copyright license? · Issue #1705 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1705)
28. [Should an RP be able to provide finer grained authenticator filtering in attestation options? · Issue #1688 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1688)
29. [Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key · Issue #1678 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1678)
30. [Synced Credentials · Issue #1665 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1665)
31. [Cross-origin credential creation in iframes · Issue #1656 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1656)
32. [Trailing position of metadata · Issue #1646 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1646)
33. [\[Editorial\] Truncation description inaccurate · Issue #1645 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1645)
34. [Mechanism for encoding \*direction\* metadata may need more work · Issue #1644 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1644)
35. [Use of in-field metadata not preferred · Issue #1643 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1643)
36. [Unicode "tag" characters are deprecated for language tagging · Issue #1642 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1642)
37. [U+ notation incorrect · Issue #1641 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1641)
38. [Syncing Platform Keys, Recoverability and Security levels · Issue #1640 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1640)
39. [Possible experiences in a future WebAuthn · Issue #1637 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1637)
40. [Missing Test Vectors · Issue #1633 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1633)
41. [CollectedClientData.crossOrigin default value and whether it is required · Issue #1631 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1631)
42. [Support for remote desktops · Issue #1577 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1577)
43. [Prevent browsers from deleting credentials that the RP wanted to be server-side · Issue #1569 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1569)
44. [Support a "create or get \[or replace\]" credential re-association operation · Issue #1568 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1568)
45. [Adding info about HSTS for the RPID to client Data. · Issue #1554 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1554)
46. [Making PublicKeyCredentialDescriptor.transports mandatory · Issue #1522 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1522)
47. [cleanup &lt;pre class=anchors&gt; and use &lt;pre class="link-defaults"&gt; as appropriate · Issue #1489 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1489)
48. [Regarding the issue of Credential ID exposure(13.5.6), from what perspective should RP compare RK and NRK and which should be adopted? · Issue #1484 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1484)
49. [Requesting properties of created credentials. · Issue #1449 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1449)
50. [PublicKeyCredentialParameters can't select curve (E.g. ed448) · Issue #1446 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1446)
51. [Minor cleanups from PR 1270 review · Issue #1291 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1291)
52. [Clearly define the way how RP handles the extensions · Issue #1258 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1258)
53. [export definitions? · Issue #1049 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1049)
54. [undefined terms and terms we really ought to define · Issue #462 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/462)

#### [Issues · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+-label%3Astat%3AOnGoing+-label%3Astat%3Apr-open+no%3Amilestone)

1. [Allow `platform`-based self attestation with non-zero AAGUID when `AttestationConveyancePreferenceOption` `"none"` is used · Issue #2146 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2146)
2. [Cross-window `Virtual Authenticator Database` · Issue #2117 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2117)
3. [Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional · Issue #2106 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2106)
4. [Additional guidance/clarification on RP ID and origin validation · Issue #2059 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2059)
5. [excludeCredentials on Get · Issue #2057 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/2057)
6. [CollectedClientData serialization is confusing WebIDL and/or Infra values for ECMAScript values · Issue #2056 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2056)
7. [Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. · Issue #2053 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2053)
8. [New Authenticator Extension: Time Since UV · Issue #2034 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2034)
9. [Reflect caching of user gestures in WebAuthn assertion · Issue #2023 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2023)
10. [Revised txAuthSimple extension · Issue #2022 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/2022)
11. [Clarify the need for truly randomly generated challenges (aka challenge callback issue) · Issue #1856 · w3c/webauthn (github.com)](https://github.com/w3c/webauthn/issues/1856)
12. [Cross origin authentication without iframes (accommodating SPC in WebAuthn) · Issue #1667 · w3c/webauthn · GitHub](https://github.com/w3c/webauthn/issues/1667)

### Other open issues or discussions

### Adjourn

 Joining Instructions
--------------------

 Instructions are restricted to meeting participants. You need to [ log in](https://auth.w3.org/?url=https%3A%2F%2Fwww.w3.org%2Fevents%2Fmeetings%2F6469898c-678d-46e7-8d8e-4c9c8b1bb7cf%2F) to see them.

 Participants
------------

### Groups

- [Web Authentication Working Group](https://www.w3.org/groups/wg/webauthn/) ([View Calendar](https://www.w3.org/groups/wg/webauthn/calendar/))

### Invitees

- Christy Chen
- Matt Gibson

 Report feedback and issues on [ GitHub](https://github.com/w3c/calendar "W3C Calendar GitHub repository").

Attachments

Received on Tuesday, 24 September 2024 05:56:34 UTC