w3c / strategy

team-strat, on GitHub, working in public. Current state: DRAFT

158 stars 47 forks source link

[wg/webauthn] Web Authentication Working Group #446

Closed plehegar closed 7 months ago

plehegar commented 9 months ago

New charter proposal, reviewers please take note.

Charter Review

Charter:

What kind of charter is this? Check the relevant box / remove irrelevant branches.

Existing
- [x] Existing WG recharter

diff from previous charter

diff with charter template

Horizontal Reviews: apply the Github label "Horizontal review requested" to request reviews for accessibility (a11y), internationalization (i18n), privacy, and security. Also add a "card" for this issue to the Strategy Funnel.

Communities suggested for outreach:

None. The Working Group is the right place.

Known or potential areas of concern:

None.

Where would charter proponents like to see issues raised? (this strategy funnel issue, a different github repo, email, ...)

https://github.com/w3c/charter-drafts/issues

Anything else we should think about as we review?

Nope

cc @nadalin @YubicoDemo

plehegar commented 9 months ago

Discussed by WG at:

02/07
02/21

plehegar commented 9 months ago

PING is looking at/cleaning ongoing issues.

ruoxiran commented 9 months ago

no comments or requests from APA.

himorin commented 9 months ago

no comment or request from i18n

plehegar commented 8 months ago

All good for PING

plehegar commented 8 months ago

(TiLT approval has been requested, with a month extension)

himorin commented 8 months ago

charter status at the top table is better to be replaced with standard two links??
in 5.2, FIDO 2.0 WG lacks a link, and also it's FIDO2 Technical Working Group? (not sure 'Technical' is mandatory or not)

svgeesus commented 8 months ago

Why has the charter template text about testing been removed?

simoneonofri commented 8 months ago

From the Security side and as mentioned in the call, I would propose in the Success Criteria to add the following wording:

The security considerations section must include a comprehensive threat model with threats, attacks, mitigations and residual risks.

This structure of this section is indicated by the Security and Privacy Questionnaire and in the referenced RFC3552 - Guidelines for Writing RFC Text on Security Considerations.

In this specific case, the section has very good content and refers to the Web Authentication Threat Model within the FIDO documentation.

plehegar commented 8 months ago

@himorin @svgeesus @simoneonofri , I addressed all of the comments as part of https://github.com/w3c/charter-drafts/pull/491

plehegar commented 8 months ago

changes in https://github.com/w3c/charter-drafts/pull/491 were approved by the WG btw

svgeesus commented 8 months ago

Looks good to me now, thanks!

nadalin commented 8 months ago

Thank you

simoneonofri commented 8 months ago

thank you @plehegar

plehegar commented 7 months ago

Announced https://lists.w3.org/Archives/Member/w3c-ac-members/2024AprJun/0017.html