[webauthn] credentialList should be whitelist in step 6, 1st bullet, of getAssertion() processing rules from =JeffH via GitHub on 2016-06-01 (public-webauthn@w3.org from June 2016)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Jun 2016 21:41:51 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-158013735-1464817311-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== credentialList should be whitelist in step 6, 1st bullet, of 
getAssertion() processing rules ==
step 6 of getAssertion() processing rules says in part...
```
6. For each embedded or external authenticator currently available on 
this platform, perform 
the following steps:

  * If whitelist is undefined or empty, let credentialList be a list 
containing a single wildcard 
     entry.

  * If whitelist is defined and non-empty, optionally execute a 
platform-specific procedure to 
    determine which of these credentials can possibly be present on 
this authenticator. Set 
    credentialList to this filtered list. If credentialList is empty, 
ignore this authenticator and 
    do not perform any of the following per-authenticator steps.
```
It seems that the first bullet item ought to read...

```
  * If whitelist is undefined or empty, let whitelist be a list 
containing a single wildcard 
     entry.
```
..otherwise the processing in the 2nd rule does not make sense because
 whitelist may be undefined or empty, while a credentialList 
containing a wildcard has been created, which does not make sense in 
the 2nd bullet. 






Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/111 using your GitHub account

Received on Wednesday, 1 June 2016 21:42:00 UTC