wrt Add notion of internal/external to options in context of issue #251 from =JeffH on 2016-12-16 (public-webauthn@w3.org from December 2016)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Fri, 16 Dec 2016 15:10:37 -0800
To: Alexei Czeskis <aczeskis@google.com>
Cc: W3C Web Authn WG <public-webauthn@w3.org>
Message-ID: <bcdd3129-f22b-ab79-0056-c7194b45a5d1@KingsMountain.com>

from the current state of 
<https://github.com/w3c/webauthn/blob/master/index.bs>:

 > dictionary CredentialOptions {
 >     unsigned long                       timeoutSeconds;
 >     sequence < CredentialDescription >  excludeList;
 >     WebAuthnExtensions                  extensions;
 >     Attachment                          attachment;
 > };
 >
 >     enum Attachment {
 >         "platform",
 >         "cross_platform"
 > };

Plus, there's the below step 10 in the (current) makeCredential() 
algorithm at line 431 
<https://github.com/w3c/webauthn/blob/d23f37ebb858a73d473a10c01a5a5cc6f7a71341/index.bs#L431>:

 > 9. Initialize |issuedRequests| to an empty list.
 >
 > 10. If {{ScopedCredentialOptions/attachment}} is specified, let
 >   |attachment| be {{ScopedCredentialOptions/attachment}}.  If
 >   |attachment| is null or empty, reject |promise| with a DOMException
 >   whose name is "InvalidArgumentError". Otherwise, only consider
 >   authenticators whose attachment is mentioned in |attachment|.
 >
 > 11. For each authenticator currently available on this platform:
 >    asynchronously invoke the <a>authenticatorMakeCredential</a>
 >    operation on that authenticator... Add a corresponding entry
 >    to |issuedRequests|. ...


I am merging the above into the jeffh-editorial-cleanups4 branch where I 
am also addressing https://github.com/w3c/webauthn/issues/251

So, given that a dictionary member, specified as `attachment` is above, 
is optional, and an enum, such as `Attachment`, cannot itself have a 
null value, and since the guidance from #251 is to check for a 
dictionary member's "presence", rather than for being "specified" (i.e., 
or null or empty), I'm intending to rewrite the above steps to be..

8. Initialize |issuedRequests| and |currentlyAvailableAuthenticators|
     to empty lists.

9. For each authenticator currently available on this platform, add the
     authenticator to |currentlyAvailableAuthenticators|
     unless the {{ScopedCredentialOptions/attachment}} member of
     {{options}} is <a>present</a>. In that case, let |attachment| be
     {{ScopedCredentialOptions/attachment}}, and add the authenticator
     to |currentlyAvailableAuthenticators| if its attachment modality
     matches |attachment|.

10. For each authenticator in |currentlyAvailableAuthenticators|:
     asynchronously invoke the <a>authenticatorMakeCredential</a>
     operation on that authenticator ... Add a corresponding entry
     to |issuedRequests|. ...


How does that look?

HTH,

=JeffH

Received on Friday, 16 December 2016 23:11:23 UTC