[w3c/webauthn] 428bf8: Truncate strings for authenticators where needed. ...

  Branch: refs/heads/fignumfollowing
  Home:   https://github.com/w3c/webauthn
  Commit: 428bf827db5fa8d45865fcce7a41427bf910ee2f
      https://github.com/w3c/webauthn/commit/428bf827db5fa8d45865fcce7a41427bf910ee2f
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2019-10-29 (Tue, 29 Oct 2019)

  Changed paths:
    A images/string-truncation.svg
    M index.bs

  Log Message:
  -----------
  Truncate strings for authenticators where needed. (#1316)

* Truncate strings for authenticators where needed.

There exist a significant number of authenticators that do not conform
to the current WebAuthn requirements in that they fail requests with
name/displayName strings longer than 64 bytes, rather than truncating
them.

This change adds a new requirement on user-agents that they maintain the
authenticator model for RPs by doing the truncation on their behalf in
this case. The alternative is that each RP will hit this edge-case and
do the truncation itself, thus the ecosystem will never be able to
support longer strings.

Since user-agents may now be doing truncation, this change also permits
truncation at the level of grapheme clusters (since user-agents
presumably have Unicode tables available).

Fixes #1296.

* Address Jeff and Emil's comments.


  Commit: 0f6d96a13d16d120a17648c0ef0a5576ffe51aca
      https://github.com/w3c/webauthn/commit/0f6d96a13d16d120a17648c0ef0a5576ffe51aca
  Author: JeffH <jdhodges@google.com>
  Date:   2019-10-29 (Tue, 29 Oct 2019)

  Changed paths:

  Log Message:
  -----------
  merge from master and fix conflicts


Compare: https://github.com/w3c/webauthn/compare/ffcc4524a73a...0f6d96a13d16

Received on Tuesday, 29 October 2019 23:00:14 UTC