- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 01 Jun 2016 21:41:51 +0000
- To: public-webauthn@w3.org
equalsJeffH has just labeled an issue for
https://github.com/w3c/webauthn as "type:technical":
== credentialList should be whitelist in step 6, 1st bullet, of
getAssertion() processing rules ==
step 6 of getAssertion() processing rules says in part...
```
6. For each embedded or external authenticator currently available on
this platform, perform
the following steps:
* If whitelist is undefined or empty, let credentialList be a list
containing a single wildcard
entry.
* If whitelist is defined and non-empty, optionally execute a
platform-specific procedure to
determine which of these credentials can possibly be present on
this authenticator. Set
credentialList to this filtered list. If credentialList is empty,
ignore this authenticator and
do not perform any of the following per-authenticator steps.
```
It seems that the first bullet item ought to read...
```
* If whitelist is undefined or empty, let whitelist be a list
containing a single wildcard
entry.
```
..otherwise the processing in the 2nd rule does not make sense because
whitelist may be undefined or empty, while a credentialList
containing a wildcard has been created, which does not make sense in
the 2nd bullet.
See https://github.com/w3c/webauthn/issues/111
Received on Wednesday, 1 June 2016 21:42:00 UTC