Wednesday, 30 November 2016
- [w3c/webauthn] 8fac8d: properly ref 'normalize an algorithm' fixes #262; ...
- [webauthn] new commits pushed by equalsJeffH
- Re: [webauthn] Link to WebCrypto API is stale
- [w3c/webauthn] 3f91a6: fixup sample-authn example step 9. fixes #234
- [webauthn] new commits pushed by equalsJeffH
- [w3c/webauthn] 931199: add @bzbarsky to acks
- [webauthn] new commits pushed by equalsJeffH
- [w3c/webauthn] 2791e1: Built by Travis-CI: f891d0cb3a756d0cc4c97259301b62...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn]
- [w3c/webauthn] ad12bd: remove ScopedCredentialInfo.publicKey; use credent...
- [w3c/webauthn] 5f9172: tag Navigator w/ <a>
- [webauthn] new commits pushed by equalsJeffH
- Re: suggested issues to close (was: 11/30/2016 W3C Web Authentication WG Agenda
- Re: [webauthn] Clarify how a user can authenticate from multiple devices
- Closed: [webauthn] Scoped credentials represent a relationship between user and RP
- Re: [webauthn] Scoped credentials represent a relationship between user and RP
- Re: [webauthn] also cite the other extant TLS channel binding mechanisms?
- Closed: [webauthn] also cite the other extant TLS channel binding mechanisms?
- Re: [webauthn] Clarify uses of ClientData
- Re: [webauthn] Clarify uses of ClientData
- RE: 11/30/2016 W3C Web Authentication WG Agenda
- Re: [webauthn] Clarify uses of ClientData
- bridge for today's WebAuthn call
- Re: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
- Re: 11/30/2016 W3C Web Authentication WG Agenda
Tuesday, 29 November 2016
Wednesday, 23 November 2016
Tuesday, 22 November 2016
- 11/23/2016 W3C WebAuthentication WG Agenda
- [w3c/webauthn] 0049e1: Built by Travis-CI: a5e28e82c5e37b21ed5f29c44ac4e5...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] a5e28e: point at github milestones
- [webauthn] new commits pushed by samweiler
- Re: 11/23/2016 W3C WebAuthentication WG Agenda
Monday, 21 November 2016
Saturday, 19 November 2016
Friday, 18 November 2016
- Re: [webauthn] Clarify uses of ClientData
- Re: [webauthn] Credential ID not signed
- Re: [webauthn] Clarify uses of ClientData
- Re: [webauthn] Move `allowList` from optional to default on `getAssertion`
- [webauthn] Throw "NotFoundError" when internal authenticator is not available or not found
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
Wednesday, 16 November 2016
- Re: [webauthn] I don't understand how to create a ClientData in makeCredential
- Fwd: Intent to Implement: Web Authentication API for Chrome
- Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee
- Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee
- [w3c/webauthn] 26f20b: put back vijay's suggestion that got dropped
- [webauthn] new commits pushed by leshi
- [w3c/webauthn] fb4f3e: Adds authenticator attachement to credential optio...
- [webauthn] new commits pushed by leshi
- Re: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
Tuesday, 15 November 2016
Monday, 14 November 2016
Saturday, 12 November 2016
Wednesday, 9 November 2016
- Re: [webauthn] Why is the only value of ScopedCredentialType "ScopedCred" as opposed to "ScopedCredential"?
- [w3c/webauthn] f54fd0: Built by Travis-CI: 7c59dd38730d46db68d4a4fb1d48c9...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn]
- [w3c/webauthn] 5f9172: tag Navigator w/ <a>
- Closed: [webauthn] Grammar of makeCredential/getAssertion step 1 is a bit odd
- Closed: [webauthn] "an Relying Party" should be "a Relying Party"
- [webauthn] new commits pushed by equalsJeffH
- [webauthn] Move {#sample-scenarios} (currently Section 10) to the top of the doc
- [webauthn] Update attestation format identifiers in registry to match spec
- Re: [webauthn] Jeffh editorial cleanups 3
- Re: [webauthn] Moving callers from U2F to WebAuthn
- Closed: [webauthn] Moving callers from U2F to WebAuthn
- [w3c/webauthn]
- [w3c/webauthn] 2d6a7a: Adding fido appid extension (#229)
- [webauthn] new commits pushed by vijaybh
- [webauthn] Timeouts should be in ms not seconds
- Re: [webauthn] Adds authenticator attachement to credential options
- [w3c/webauthn] 0281c7: use Vijay's examples
- [webauthn] new commits pushed by leshi
- Re: [webauthn] Spec should not mandate behavior of server
- [w3c/webauthn] 5f9172: tag Navigator w/ <a>
- [webauthn] new commits pushed by equalsJeffH
- Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
Tuesday, 8 November 2016
- Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
- [w3c/webauthn] 92fe6c: fix not-properly-closed <div>
- [webauthn] new commits pushed by equalsJeffH
- [w3c/webauthn] 2f723d: Jeffh editorial cleanups 2 (#236)
- [w3c/webauthn] 276018: attestation statement definition
- [webauthn] new commits pushed by equalsJeffH
- [webauthn] new commits pushed by equalsJeffH
- Re: 11/09/2016 W3C Web Authentication WG Agenda
- RE: 11/09/2016 W3C Web Authentication WG Agenda
- 11/09/2016 W3C Web Authentication WG Agenda
- [webauthn] Do we need "Algorithm Usage Location(s)" and "JOSE Implementation Requirements" in the IANA Considerations section?
- Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
- Re: [webauthn] section verification of WebAuthnAssertion added. See #102
- Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
Monday, 7 November 2016
- Closed: [webauthn] "relaxing the same-origin restriction"
- Re: [webauthn] "relaxing the same-origin restriction"
- Closed: [webauthn] Clarify how AAGUID is generated to avoid collisions
- Re: [webauthn] Clarify how AAGUID is generated to avoid collisions
- Re: [webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?
- Re: [webauthn] Which of the attestation format interfaces are expected to be exposed in UAs?
- Re: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
- Re: [webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter
- Re: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
- Re: [webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]
- Re: [webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async
- Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
- Re: [webauthn] Exception handling in cryptoParameters processing needs to be clarified
- Re: [webauthn] When talking about "normalizing an algorithm", please just link to it
- Re: [webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?
- Re: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
- Re: [webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?
- Re: [webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]
- Re: [webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async
- Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
- Re: [webauthn] Exception handling in cryptoParameters processing needs to be clarified
- Re: [webauthn] When talking about "normalizing an algorithm", please just link to it
- Re: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them
- Re: [webauthn] Link to WebCrypto API is stale
- Re: [webauthn] "authentication" attribute on Navigator should be [SecureContext]
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- Re: [webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter
- Re: [webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- Re: referencing W3C or WhatWG specs (was: [webauthn] new commits pushed by equalsJeffH
Sunday, 6 November 2016
- Re: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them
- Re: [webauthn] "authentication" attribute on Navigator should be [SecureContext]
- Re: [webauthn] Should the "authentication" attribute on Navigator be [SameObject]?
- Re: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
- [webauthn] Refine meaning of ScopedCredentialType to be "signature & assertion format (and version thereof)"
Saturday, 5 November 2016
Friday, 4 November 2016
- [webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?
- [webauthn] Authenticator selection extension needs to define snapshotting behavior
- [webauthn] Please ensure that all ArrayBuffer creations are done explicitly, in the correct global
- Re: [webauthn] What ensures any semblance of interop for WebAuthnExtensions?
- Re: [webauthn] What does "which has no other operations in progress" mean in practice?
- [webauthn] What does "which has no other operations in progress" mean in practice?
- [webauthn] Why is the only value of ScopedCredentialType "ScopedCred" as opposed to "ScopedCredential"?
- [webauthn] What ensures any semblance of interop for WebAuthnExtensions?
- [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?
- Re: [webauthn] Is there a reason "WebAuthnAssertion" is not "WebAuthenticationAssertion"?
- [webauthn] Is there a reason "WebAuthnAssertion" is not "WebAuthenticationAssertion"?
- [webauthn] Which of the attestation format interfaces are expected to be exposed in UAs?
- [webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?
- [webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]
- [webauthn] Description of ScopedCredentialInfo.credential seems odd
- [webauthn] authenticatorCancel seems like it can cancel too much
- [webauthn] Creation of WebAuthnAssertion in getAssertion should probably be more explicit
- [webauthn] What does it mean to "get assertions" in getAssertion step 7?
- [webauthn] "might be present on this authenticator" could use a clearer definition
- Re: [webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async
- Re: [webauthn] excludeList/allowList can be defaulted to a zero-length sequence in IDL instead of prose
- Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
- Re: [webauthn] I don't understand how to create a ClientData in makeCredential
- Re: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee
- Re: [webauthn] Processing model for extensions is very underdefined
- Re: [webauthn] "If extensions was specified" should instead use the "present" terminology
- Re: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them
- Re: [webauthn] Setting _rpId_ to _callerOrigin_ doesn't make sense
- Re: [webauthn] There is no "current settings object" in algorithm steps that are executing in parallel
- Re: [webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?
- [webauthn] getAssertion needs to not go async before making a copy of the assertionChallenge
- Re: [webauthn] Grammar of makeCredential step 1 is a bit odd
- [webauthn] AssertionOptions and ScopedCredentialOptions could both inherit from a dictionary which has their shared members
- [webauthn] Creation of ScopedCredentialInfo in makeCredential should probably be more explicit
- [webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async
- [webauthn] "excludeList" should probably be "the excludeList member of _options_" in makeCredential
- [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly
- [webauthn] I don't understand how to create a ClientData in makeCredential
- [webauthn] Should attestationChallenge be snapshotted in makeCredential, or used before going async?
- Re: [webauthn] Enforce strict same-origin policy on rpId
- Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
- [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee
- [webauthn] Processing model for extensions is very underdefined
- [webauthn] "If extensions was specified" should instead use the "present" terminology
- [webauthn] excludeList can be defaulted to a zero-length sequence in IDL instead of prose
- [webauthn] The concept "empty" is not really defined for IDL sequences
- [webauthn] What does "If normalizedAlgorithm is empty" mean?
- [webauthn] What does normalizedParameters actually contain in makeCredential?
- Boris: Thanks for..
- [webauthn] Exception handling in cryptoParameters processing needs to be clarified
- [webauthn] WebCryptoAPI's "normalizing an algorithm" cannot be done as part of async steps
- [webauthn] When talking about "normalizing an algorithm", please just link to it
- [webauthn] Link to WebCrypto API is stale
- [webauthn] _rpId_ generation allows more relaxation of same-origin restrictions than document.domain does
- [webauthn] Is _rpId_ supposed to look like an origin serialization, or like a hostname?
- [webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them
- [webauthn] Setting _rpId_ to _callerOrigin_ doesn't make sense
- [webauthn] There is no "current settings object" in algorithm steps that are executing in parallel
- [webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?
- [webauthn] Grammar of makeCredential step 1 is a bit odd
- [webauthn] "authentication" attribute on Navigator should be [SecureContext]
- [webauthn] Should the "authentication" attribute on Navigator be [SameObject]?
- [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
- [webauthn] "an Relying Party" should be "a Relying Party"
- Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
- Re: [webauthn] section verification of WebAuthnAssertion added. See #102
- [w3c/webauthn] 5a2dc5: section verification of WebAuthnAssertion added. S...
- Re: [webauthn] Add section describing verification of a WebAuthnAssertion
- [webauthn] new commits pushed by rlin1
Thursday, 3 November 2016
Wednesday, 2 November 2016
- [webauthn] remove id requirement in ScopedCredentialDescriptor
- [w3c/webauthn] d1f5af: address vijay's comments
- Re: [webauthn] explicitly denote RSA signature scheme
- Re: [webauthn] Simplifying attestation, take two
- Re: [webauthn] explicitly denote RSA signature scheme
- Re: [webauthn] Simplifying attestation, take two
- Re: [webauthn] Add notion of internal/external to options
- [webauthn] Simplifying attestation, take two
- Re: [webauthn] explicitly denote RSA signature scheme
- Re: Regrets for today's call
- Re: [webauthn] certifyinfo needs to be specified
- Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently
- Re: [webauthn] Adding u2f appid extension
- Re: [webauthn] Add notion of internal/external to options
- Regrets for today's call
- Re: [webauthn] Add notion of internal/external to options
- Re: [webauthn] Add notion of internal/external to options
- [w3c/webauthn] 558837: Adds authenticator attachement to credential optio...
- [webauthn] new commits pushed by leshi
- [w3c/webauthn] 700775: typo fix
- [webauthn] new commits pushed by leshi
- [w3c/webauthn] 2ca56e: addressing comments from issue peanut gallery :)
- [webauthn] new commits pushed by leshi
- RE: 11/02/2016 W3C Web Authentication WG Agenda