WebAuthn 2021 rechartering

[samuelweiler]

New charter proposal, reviewers please take note.

Charter Review

Charter

diff

What kind of charter is this? Check the relevant box / remove irrelevant branches.

• Existing

• Existing WG recharter
• If this is a charter extension or revision, link a diff from previous charter, and any issue discussion:

Horizontal Reviews: apply the Github label "Horizontal review requested" to request reviews for accessibility (a11y), internationalization (i18n), privacy, and security. Also add a "card" for this issue to the Strategy Funnel.

Communities suggested for outreach:

Known or potential areas of concern:

Where would charter proponents like to see issues raised? (this strategy funnel issue, a different github repo, email, ...)

Anything else we should think about as we review?

2019 charter discussion: #38

[wseltzer]

Under discussion by WG now; please start horizontal reviews.

[r12a]

The i18n WG believes that section 6.4.2. Language and Direction Encoding, which was added at the last minute without proper review, badly needs to be revisited. I think that section 2 Scope in the charter should probably be updated to reflect that.

[plehegar]

First, we need an issue raised against the webauthn specification, one that is also properly tracked by i18n folks.

imho, I don't think we need to update the scope section since it's way too granular to be explicitly called out there. I suggest instead calling out the i18n wg explicitly in the group dependencies section.

[r12a]

Ok.

[michael-n-cooper]

No comments from APA; over to @brewerj to complete accessibility horizontal review.

[himorin]

Fromi18n, the Coordination section differs from the current charter template, and we request that it be updates to align with.
https://w3c.github.io/charter-drafts/charter-template.html This will help avoid horizontal review issues going forward.

[wseltzer]

Thanks @himorin, updated in w3c/charter-drafts#366
Good to go?

[samuelweiler]

No security or privacy objections.

I think several of the new scope items could use some explanation or rewording. Most of these new items would be clearer to the casual reader if there were a sentence or two explaining the gap being filled.

Here are some specifics:

Binding of ambient credentials;

What does "ambient" mean?

Re-authentication from the discretion of the relying party;

Do you mean "at the discretion"?

Dynamic linking of authentication credentials;

What does this mean?

Storing of private key(s);

What API feature(s) is this about? It's unclear.

[samuelweiler]

Result of AC review: https://www.w3.org/2002/09/wbs/33280/webauthn2021/results, 2021-08-25 to 2021-10-01.

[wseltzer]

Rechartered: https://lists.w3.org/Archives/Public/public-webauthn/2022Apr/0076.html