w3c / strategy

team-strat, on GitHub, working in public. Current state: DRAFT

151 stars 45 forks source link

WebAuthn 2021 rechartering #263

Closed samuelweiler closed 2 years ago

samuelweiler commented 3 years ago

New charter proposal, reviewers please take note.

Charter Review

Charter

diff

What kind of charter is this? Check the relevant box / remove irrelevant branches.

Existing
- [X] Existing WG recharter
- If this is a charter extension or revision, link a diff from previous charter, and any issue discussion:

Horizontal Reviews: apply the Github label "Horizontal review requested" to request reviews for accessibility (a11y), internationalization (i18n), privacy, and security. Also add a "card" for this issue to the Strategy Funnel.

Communities suggested for outreach:

Known or potential areas of concern:

Where would charter proponents like to see issues raised? (this strategy funnel issue, a different github repo, email, ...)

Anything else we should think about as we review?

2019 charter discussion: https://github.com/w3c/strategy/issues/38

wseltzer commented 2 years ago

Under discussion by WG now; please start horizontal reviews.

r12a commented 2 years ago

The i18n WG believes that section 6.4.2. Language and Direction Encoding, which was added at the last minute without proper review, badly needs to be revisited. I think that section 2 Scope in the charter should probably be updated to reflect that.

plehegar commented 2 years ago

First, we need an issue raised against the webauthn specification, one that is also properly tracked by i18n folks.

imho, I don't think we need to update the scope section since it's way too granular to be explicitly called out there. I suggest instead calling out the i18n wg explicitly in the group dependencies section.

r12a commented 2 years ago

Ok.

michael-n-cooper commented 2 years ago

No comments from APA; over to @brewerj to complete accessibility horizontal review.

himorin commented 2 years ago

Fromi18n, the Coordination section differs from the current charter template, and we request that it be updates to align with. https://w3c.github.io/charter-drafts/charter-template.html This will help avoid horizontal review issues going forward.

wseltzer commented 2 years ago

Thanks @himorin, updated in https://github.com/w3c/charter-drafts/pull/366 Good to go?

samuelweiler commented 2 years ago

No security or privacy objections.

I think several of the new scope items could use some explanation or rewording. Most of these new items would be clearer to the casual reader if there were a sentence or two explaining the gap being filled.

Here are some specifics:

Binding of ambient credentials;

What does "ambient" mean?

Re-authentication from the discretion of the relying party;

Do you mean "at the discretion"?

Dynamic linking of authentication credentials;

What does this mean?

Storing of private key(s);

What API feature(s) is this about? It's unclear.

samuelweiler commented 2 years ago

Result of AC review: https://www.w3.org/2002/09/wbs/33280/webauthn2021/results, 2021-08-25 to 2021-10-01.

wseltzer commented 2 years ago

Rechartered: https://lists.w3.org/Archives/Public/public-webauthn/2022Apr/0076.html