Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

[Michael Jones <michael_b_jones@hotmail.com>]

I agree.  IANA - please apply the IANA actions at https://w3c.github.io/secure-payment-confirmation/#sctn-iana-considerations.

                                Thank you,
                -- Mike (writing as a Designated Expert)

-----Original Message-----
From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Sent: Tuesday, August 22, 2023 9:59 PM
To: Ian Jacobs <ij@w3.org>; Michael Jones <michael_b_jones@hotmail.com>
Cc: webauthn-reg-review@ietf.org; Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
Subject: RE: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

Thanks.  I think this addresses the requirements of https://www.rfc-editor.org/rfc/rfc8809.html#name-registering-extension-ident, but this is pending Mike's review.

-Giri

-----Original Message-----
From: Ian Jacobs <ij@w3.org>
Sent: Tuesday, August 22, 2023 7:14 AM
To: Michael Jones <michael_b_jones@hotmail.com>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; webauthn-reg-review@ietf.org; Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Hi Michael,

There is now an IANA Considerations section in the SPC specification:
  https://w3c.github.io/secure-payment-confirmation/#sctn-iana-considerations

Thank you!

Ian


> On Aug 16, 2023, at 3:42 PM, Ian Jacobs <ij@w3.org> wrote:
>
> Hi Mike and Giridhar,
>
> I've created a pull request to add an IANA considerations section to the spec:
> https://github.com/w3c/secure-payment-confirmation/pull/257
>
> All feedback and corrections welcome. Thank you!
>
> Ian
>
>> On Aug 15, 2023, at 8:19 PM, Michael Jones <michael_b_jones@hotmail.com> wrote:
>>
>> The specification does not contain an IANA Considerations section requesting registration of the extension, nor does it contain the information required to register the extension.  In particular, the information from the registration template at https://www.rfc-editor.org/rfc/rfc8809.html#section-2.2.1 is missing.
>>
>> Please update the specification to add an IANA Considerations section supplying the information necessary to register the extension.  Quoting from RFC 8809, that information is:
>>
>>  WebAuthn Extension Identifier:
>>     An identifier meeting the requirements given in Section 2.2.
>>
>>  Description:
>>     A relatively short description of the extension.
>>
>>  Specification Document(s):
>>     Reference to the document or documents that specify the extension.
>>
>>  Change Controller:
>>     For Standards Track RFCs, list "IETF".  For others, give the name
>>     of the responsible party.  Other details (e.g., postal address,
>>     email address, home page URI) may also be included.
>>
>>  Notes:
>>     [optional]
>>
>> After the specification is updated, I should be able to approve the registration.
>>
>>                               -- Mike
>>
>> -----Original Message-----
>> From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
>> Sent: Tuesday, August 15, 2023 1:03 PM
>> To: Ian Jacobs <ij@w3.org>; michael_b_jones@hotmail.com
>> Cc: webauthn-reg-review@ietf.org; Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
>> Subject: RE: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
>>
>> Nothing from my end.  Awaiting Mike's review.
>>
>> -Giri
>>
>> -----Original Message-----
>> From: Ian Jacobs <ij@w3.org>
>> Sent: Tuesday, August 15, 2023 10:08 AM
>> To: Giridhar Mandyam <mandyam@qti.qualcomm.com>; michael_b_jones@hotmail.com
>> Cc: webauthn-reg-review@ietf.org; Stephen McGruer <smcgruer@google.com>; Philippe Le Hégaret <plh@w3.org>
>> Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
>>
>> WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
>>
>> Hi Giridhar,
>>
>> I wanted to let you know that we've merged the pull request, so the statement you referred to below no longer appears.
>>
>> If there's any other information you need to complete your evaluation, let me know. Thanks again!
>>
>> Ian
>>
>>> On Jul 31, 2023, at 8:59 AM, Ian Jacobs <ij@w3.org> wrote:
>>>
>>> Thanks Giridhar,
>>>
>>> I've proposed a pull request to remove the note:
>>> https://github.com/w3c/secure-payment-confirmation/pull/255
>>>
>>> Ian
>>>
>>>> On Jul 27, 2023, at 1:32 AM, Giridhar Mandyam <mandyam@qti.qualcomm.com> wrote:
>>>>
>>>> Hi Ian,
>>>>
>>>> Mike needs to sign off,  but I have reviewed this an am satisfied that the extension can be registered.
>>>>
>>>> Please consider removing the following in any future revision:
>>>>
>>>> "Note: Reading [webauthn-3] literally, these steps don't work; extensions are injected at step 12 of [[Create]] and cannot really modify anything. However other extensions ignore that entirely and assume they can modify any part of any WebAuthn algorithm!"
>>>>
>>>> I don't think the above statement is an accurate reading of the WebAuthn spec, as the steps outlined in the Webauthn spec do not have to be executed in sequence.  This is because the cited section in Webauthn is for an internal method, which as per the ECMA description is left up to the implementation (https://tc39.es/ecma262/#sec-object-internal-methods-and-internal-slots).
>>>>
>>>> Mike,
>>>> Please provide your feedback.
>>>>
>>>> -Giri
>>
>> --
>> Ian Jacobs <ij@w3.org>
>> https://www.w3.org/People/Jacobs/
>> Tel: +1 917 450 8783
>>
>>
>>
>>
>>
>
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 917 450 8783
>
>
>
>
>

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783