W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2016

Re: WebAuthn WebIDL Questions

From: Adam Powers <adam@fidoalliance.org>
Date: Sun, 30 Oct 2016 14:35:32 -0700
Message-ID: <CACu+4csRBa2cJAHHfOqTZvA7E6RHOO-g6FkTGiBnVCpGcEB5fQ@mail.gmail.com>
To: "Hodges, Jeff" <jeff.hodges@paypal.com>
Cc: W3C WebAuthn WG <public-webauthn@w3.org>
What sent me down the path of asking these questions is that the idlharness
expects every interface to be declared as global unless it is declared with
the [NoInterfaceObject] extended attribute. So the way our interfaces are
defined now it seems like we would end up with window.WebAuthentication,
window.ScopedCredentialInfo, etc.

Which is consistent with the specification:

I think that implies that users could call new WebAuthentication(), new
ScopedCredentialInfo(), etc. Is that the intent?

On October 30, 2016 at 11:37:28 AM, Hodges, Jeff (jeff.hodges@paypal.com)

On 10/29/16, 6:04 PM, "Adam Powers" <adam@fidoalliance.org> wrote:
>Hey guys, I¹m not a WebIDL expert but as I¹m reading through our WebIDL
>to create tests I have a few questions:
>1. I¹m assuming that the members of ScopedCredentialOptions and
>AssertionOptions should be nullable types, similar to the example in
>WebIDL 2.2: https://heycam.github.io/webidl/#issue-4d2fc4e6 , right?

Well, all of those two dictionaries' members are optional since they are
not declared "required", AFAIU. Rather than pass members with NULL values,
the caller can just not include such members (?)

>2. According to WebIDL 3.6 interfaces without [NoInterfaceObject] must
>show up on the global `window` object:
>https://heycam.github.io/webidl/#es-interfaces . Do we want to declare
>the WebAuthentication interface with [NoInterfaceObject], since it is
>as a singleton? Note that this is how the geolocation and indexeddb
>interfaces are defined.

Hixie says that the above suggestion or the way we are presently declaring
the interface are equivalent -- and his answer is specifically in regard
to the geolocation API..


however, see also http://darobin.github.io/api-design-cookbook/ wherin the
use of [NoInterfaceObject] is deprecated.

>3. Should [SecureContext] only apply to interfaces with operations and /
>or operations themselves (see the note in Secure Contexts Section 2.1:
>https://www.w3.org/TR/secure-contexts/#integration-idl )?

Mike West said to use [SecureContext] on all webauthn interface


>4. Why are ScopedCredentialInfo, WebAuthnAssertion, WebAuthnAttestation,
>and ScopedCredential interfaces instead of dictionaries?

from Vijay a while back..

According to the Web IDL spec, dictionaries are passed by
value while interfaces represent objects and are therefore
essentially references. The attestation structures are defined
as dictionaries - it would seem more natural and performant
to have them defined as interfaces instead.

In general, style guides such as
http://darobin.github.io/api-design-cookbook/ tend to recommend
the use of dictionaries when one is defining property bags to
serve as input parameters to methods, and interfaces when one
is defining return values.

additionally, interface attributes cannot themselves be dictionaries..



Received on Sunday, 30 October 2016 21:36:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC