public-webauthn@w3.org from November 2016 by subject

11/02/2016 W3C Web Authentication WG Agenda

11/09/2016 W3C Web Authentication WG Agenda

11/23/2016 W3C WebAuthentication WG Agenda

11/30/2016 W3C Web Authentication WG Agenda

[w3c/webauthn]

[w3c/webauthn] 0049e1: Built by Travis-CI: a5e28e82c5e37b21ed5f29c44ac4e5...

[w3c/webauthn] 0281c7: use Vijay's examples

[w3c/webauthn] 26f20b: put back vijay's suggestion that got dropped

[w3c/webauthn] 276018: attestation statement definition

[w3c/webauthn] 2791e1: Built by Travis-CI: f891d0cb3a756d0cc4c97259301b62...

[w3c/webauthn] 2ca56e: addressing comments from issue peanut gallery :)

[w3c/webauthn] 2d6a7a: Adding fido appid extension (#229)

[w3c/webauthn] 2f723d: Jeffh editorial cleanups 2 (#236)

[w3c/webauthn] 3f91a6: fixup sample-authn example step 9. fixes #234

[w3c/webauthn] 558837: Adds authenticator attachement to credential optio...

[w3c/webauthn] 5a2dc5: section verification of WebAuthnAssertion added. S...

[w3c/webauthn] 5f9172: tag Navigator w/ <a>

[w3c/webauthn] 700775: typo fix

[w3c/webauthn] 8fac8d: properly ref 'normalize an algorithm' fixes #262; ...

[w3c/webauthn] 92fe6c: fix not-properly-closed <div>

[w3c/webauthn] 931199: add @bzbarsky to acks

[w3c/webauthn] a5e28e: point at github milestones

[w3c/webauthn] ad12bd: remove ScopedCredentialInfo.publicKey; use credent...

[w3c/webauthn] d1f5af: address vijay's comments

[w3c/webauthn] f54fd0: Built by Travis-CI: 7c59dd38730d46db68d4a4fb1d48c9...

[w3c/webauthn] fb4f3e: Adds authenticator attachement to credential optio...

[webauthn] "an Relying Party" should be "a Relying Party"

[webauthn] "authentication" attribute on Navigator should be [SecureContext]

[webauthn] "excludeList" should probably be "the excludeList member of _options_" in makeCredential

[webauthn] "If extensions was specified" should instead use the "present" terminology

[webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly

[webauthn] "might be present on this authenticator" could use a clearer definition

[webauthn] "relaxing the same-origin restriction"

[webauthn] _rpId_ generation allows more relaxation of same-origin restrictions than document.domain does

[webauthn] Add notion of internal/external to options

[webauthn] Add section describing verification of a WebAuthnAssertion

[webauthn] Adding u2f appid extension

[webauthn] Adds authenticator attachement to credential options

[webauthn] also cite the other extant TLS channel binding mechanisms?

[webauthn] AssertionOptions and ScopedCredentialOptions could both inherit from a dictionary which has their shared members

[webauthn] Authenticator selection extension needs to define snapshotting behavior

[webauthn] authenticatorCancel seems like it can cancel too much

[webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

[webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?

[webauthn] certifyinfo needs to be specified

[webauthn] Clarify how a user can authenticate from multiple devices

[webauthn] Clarify how AAGUID is generated to avoid collisions

[webauthn] Clarify uses of ClientData

[webauthn] Creation of ScopedCredentialInfo in makeCredential should probably be more explicit

[webauthn] Creation of WebAuthnAssertion in getAssertion should probably be more explicit

[webauthn] Credential ID not signed

[webauthn] Description of ScopedCredentialInfo.credential seems odd

[webauthn] Do we need "Algorithm Usage Location(s)" and "JOSE Implementation Requirements" in the IANA Considerations section?

[webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?

[webauthn] Enforce strict same-origin policy on rpId

[webauthn] Exception handling in cryptoParameters processing needs to be clarified

[webauthn] excludeList can be defaulted to a zero-length sequence in IDL instead of prose

[webauthn] excludeList/allowList can be defaulted to a zero-length sequence in IDL instead of prose

[webauthn] explicitly denote RSA signature scheme

[webauthn] getAssertion needs to not go async before making a copy of the assertionChallenge

[webauthn] Grammar of makeCredential step 1 is a bit odd

[webauthn] I don't understand how to create a ClientData in makeCredential

[webauthn] Is _rpId_ supposed to look like an origin serialization, or like a hostname?

[webauthn] Is there a reason "WebAuthnAssertion" is not "WebAuthenticationAssertion"?

[webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are

[webauthn] Jeffh editorial cleanups 3

[webauthn] Link to WebCrypto API is stale

[webauthn] Move `allowList` from optional to default on `getAssertion`

[webauthn] Move {#sample-scenarios} (currently Section 10) to the top of the doc

[webauthn] Moving callers from U2F to WebAuthn

[webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter

[webauthn] new commits pushed by equalsJeffH

[webauthn] new commits pushed by leshi

[webauthn] new commits pushed by rlin1

[webauthn] new commits pushed by samweiler

[webauthn] new commits pushed by vijaybh

[webauthn] new commits pushed by WebAuthnBot

[webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them

[webauthn] Please ensure that all ArrayBuffer creations are done explicitly, in the correct global

[webauthn] Processing model for extensions is very underdefined

[webauthn] Refine meaning of ScopedCredentialType to be "signature & assertion format (and version thereof)"

[webauthn] remove id requirement in ScopedCredentialDescriptor

[webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently

[webauthn] Scoped credentials represent a relationship between user and RP

[webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async

[webauthn] section verification of WebAuthnAssertion added. See #102

[webauthn] Setting _rpId_ to _callerOrigin_ doesn't make sense

[webauthn] Should attestationChallenge be snapshotted in makeCredential, or used before going async?

[webauthn] should authenticator layer send hashed or unhashed rpId to authenticators?

[webauthn] Should the "authentication" attribute on Navigator be [SameObject]?

[webauthn] Simplifying attestation, take two

[webauthn] Spec should not mandate behavior of server

[webauthn] TAG review feedback: Align Credential interface with Credential Management?

[webauthn] The concept "empty" is not really defined for IDL sequences

[webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced

[webauthn] There is no "current settings object" in algorithm steps that are executing in parallel

[webauthn] Throw "NotFoundError" when internal authenticator is not available or not found

[webauthn] Timeouts should be in ms not seconds

[webauthn] Update attestation format identifiers in registry to match spec

[webauthn] Various attributes of ScopedCredentialInfo should probably be [SameObject]

[webauthn] WebCryptoAPI's "normalizing an algorithm" cannot be done as part of async steps

[webauthn] What does "If normalizedAlgorithm is empty" mean?

[webauthn] What does "which has no other operations in progress" mean in practice?

[webauthn] What does it mean to "get assertions" in getAssertion step 7?

[webauthn] What does normalizedParameters actually contain in makeCredential?

[webauthn] What ensures any semblance of interop for WebAuthnExtensions?

[webauthn] When talking about "normalizing an algorithm", please just link to it

[webauthn] Which of the attestation format interfaces are expected to be exposed in UAs?

[webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?

[webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?

[webauthn] Why is the only value of ScopedCredentialType "ScopedCred" as opposed to "ScopedCredential"?

Android Key Attestation is "Self Attestation" ?

Boris: Thanks for..

bridge for today's WebAuthn call

Closed: [webauthn] "an Relying Party" should be "a Relying Party"

Closed: [webauthn] "relaxing the same-origin restriction"

Closed: [webauthn] also cite the other extant TLS channel binding mechanisms?

Closed: [webauthn] Clarify how AAGUID is generated to avoid collisions

Closed: [webauthn] Grammar of makeCredential/getAssertion step 1 is a bit odd

Closed: [webauthn] Moving callers from U2F to WebAuthn

Closed: [webauthn] Scoped credentials represent a relationship between user and RP

Fwd: Intent to Implement: Web Authentication API for Chrome

FYI: Intent to implement and ship: Web Authentication

referencing W3C or WhatWG specs (was: [webauthn] new commits pushed by equalsJeffH

Regrets for today's call

suggested issues to close (was: 11/30/2016 W3C Web Authentication WG Agenda

Last message date: Wednesday, 30 November 2016 23:54:42 UTC