W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2016

[webauthn] Issue: credentialList should be whitelist in step 6, 1st bullet, of getAssertion() processing rules marked as type:technical

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Jun 2016 21:41:51 +0000
To: public-webauthn@w3.org
Message-ID: <issues.labeled-158013735-None-sysbot+gh@w3.org>
equalsJeffH has just labeled an issue for 
https://github.com/w3c/webauthn as "type:technical":

== credentialList should be whitelist in step 6, 1st bullet, of 
getAssertion() processing rules ==
step 6 of getAssertion() processing rules says in part...
```
6. For each embedded or external authenticator currently available on 
this platform, perform 
the following steps:

  * If whitelist is undefined or empty, let credentialList be a list 
containing a single wildcard 
     entry.

  * If whitelist is defined and non-empty, optionally execute a 
platform-specific procedure to 
    determine which of these credentials can possibly be present on 
this authenticator. Set 
    credentialList to this filtered list. If credentialList is empty, 
ignore this authenticator and 
    do not perform any of the following per-authenticator steps.
```
It seems that the first bullet item ought to read...

```
  * If whitelist is undefined or empty, let whitelist be a list 
containing a single wildcard 
     entry.
```
..otherwise the processing in the 2nd rule does not make sense because
 whitelist may be undefined or empty, while a credentialList 
containing a wildcard has been created, which does not make sense in 
the 2nd bullet. 






See https://github.com/w3c/webauthn/issues/111
Received on Wednesday, 1 June 2016 21:42:00 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:21 UTC