public-webauthn@w3.org from February 2017 by subject

02/01/2017 W3C Web Authentication WG Meeting Agenda

02/08/2017 W3C Web Authentication WG Meeting Agenda

02/22/2017 W3C Web Authentication WG Meeting Agenda

[w3c/webauthn]

[w3c/webauthn] 02c4db: Renamed timeoutSeconds to timeoutMilliseconds (#3...

[w3c/webauthn] 097c8c: Built by Travis-CI: 4751dacb364be3d17ece4ee0ace060...

[w3c/webauthn] 0ac166: Remove a bunch of unnecessary dfns and anchors.

[w3c/webauthn] 0b2748: better text wrapping

[w3c/webauthn] 0d9d89: Highlight the examples as JavaScript and remove no...

[w3c/webauthn] 1088d3: Fix bikeshed linking error

[w3c/webauthn] 1a9352: Built by Travis-CI: 22a559f8db50f5d3854bc358c25908...

[w3c/webauthn] 1a9371: Built by Travis-CI: fc8f027bb8e0763bd78e0eac52f065...

[w3c/webauthn] 1db4a9: allow u2f attestation to be chained

[w3c/webauthn] 1f470c: Built by Travis-CI: 02c4db116d8119b8a25ed307fdcc1f...

[w3c/webauthn] 233ff1: Fix #335: Remove extraneous whitespace in IDL para...

[w3c/webauthn] 2ebdcf: Use CDDL to define attestation and extension struc...

[w3c/webauthn] 3b2cae: Built by Travis-CI: 0c1a498ecf69e1b0431c2c674020ab...

[w3c/webauthn] 4751da: Bikeshed renamed its include folder to boilerplate

[w3c/webauthn] 50bb26: Clean up attestation CDDL

[w3c/webauthn] 75a381: Built by Travis-CI: 9d94e5ff60cd5cff5d134f391c2cd6...

[w3c/webauthn] 7642dd: Editorial revisions

[w3c/webauthn] 81e586: Built by Travis-CI: 85db884771c13f7c540db3a58b925c...

[w3c/webauthn] 835e72: Clean up exposition

[w3c/webauthn] 85db88: Clean up attestation, abstract it from UA, fix TPM...

[w3c/webauthn] 8eff39: Built by Travis-CI: cc73187dcd84cc70cbbcc095665277...

[w3c/webauthn] 93eca4: further polish #357

[w3c/webauthn] 945168: fix build: add comma to refs

[w3c/webauthn] 9d94e5: allow u2f attestation to be chained (#342)

[w3c/webauthn] a2290b: Built by Travis-CI: 233ff105822c1317b015ca776c6fd8...

[w3c/webauthn] b61bf0: Make BufferSource parameters actually BufferSource...

[w3c/webauthn] b65aea: updated the reference to FIDO ECDAA

[w3c/webauthn] c9b20a: Fix interface/member confusion

[w3c/webauthn] ce3151: improve ceremony dfn, add Angelo to ACKs

[w3c/webauthn] ce7925: Updates to reflect publication of WD-04

[w3c/webauthn] ce9c18: fix CDDL marker for packed attestation

[w3c/webauthn] ed4cd4: Built by Travis-CI: b61bf0df4da547a51aab1dd71c32d6...

[w3c/webauthn] ede26e: Built by Travis-CI: 0d9d89e66b3234b325b1d6fa651054...

[w3c/webauthn] f63a36: Bug #256 - Change "relaxing" of RP to the HTML "re...

[w3c/webauthn] f6d7a6: refine user verif and authz gesture, fixes #357, i...

[w3c/webauthn] fc8f02: Update w3c.json

[w3c/webauthn] fced1d: Built by Travis-CI: ce7925cac738fea9a7d81405815aef...

[w3c/webauthn] feb7d7: Fix linking error

[webauthn] "NotAllowedError" is in WebIDL editors draft but not in WebIDL Level 1

[webauthn] "rp" isn't a widely enough known acronym?, should be relyingParting instead?

[webauthn] 5.2.2. Generating a signature

[webauthn] `rpID` origin relaxation?

[webauthn] Add "willMakeCredentialWorkWithTheseConstraints()" method to the API

[webauthn] Add clearer definition of API use cases to the spec

[webauthn] Add cloud transport option to transport hint

[webauthn] Add explanation of why the account argument is useful

[webauthn] Add gesture verification parameter to option in both makeC and getA

[webauthn] Add getAuthenticatorInfo to the Authenticator Model section

[webauthn] Add keyStorage enum to ScopedCredentialOptions

[webauthn] Add reference to FIDO ECDAA spec.

[webauthn] Bug #256 - Clarify call of the "Relaxing the Same-Origin Restriction" algorithm

[webauthn] Clarify names for crypto algs, e.g. RS256

[webauthn] Clarify wording on authenticator selection

[webauthn] Clean up attestation, abstract it from UA, fix TPM format, add U2F format

[webauthn] Constrain the "reasonable range" of timeouts

[webauthn] Credential CBOR

[webauthn] Define extension client processing more carefully.

[webauthn] Define what happens when the Document loses focus

[webauthn] define what to do if both normalizedAlgorithm and cryptoParameters are empty

[webauthn] detail-level issues in signature format, attestation format(s), attestation statement

[webauthn] Editorial: use more elaborate variable names

[webauthn] Eliminate duplicate terminology

[webauthn] Examples show a DOMString passed to challenge, but it's a BufferSource

[webauthn] Exception handling in cryptoParameters processing needs to be clarified

[webauthn] Explain how Token Binding IDs get associated with an HTML context.

[webauthn] Explainer or more examples?

[webauthn] Expose credential public key in `ScopedCredential`

[webauthn] Expose standard authenticator fields in JS objects, vs. binary

[webauthn] Fetch intergration for WebAuthn API

[webauthn] hashAlg -> hashAlgorithm?

[webauthn] I don't understand how to create a ClientData in makeCredential

[webauthn] Is _rpId_ supposed to look like an origin serialization, or like a hostname?

[webauthn] Make hashAlg a "recognized algorithm name".

[webauthn] Make makeCredential() more precise.

[webauthn] new commits pushed by equalsJeffH

[webauthn] new commits pushed by jcjones

[webauthn] new commits pushed by leshi

[webauthn] new commits pushed by rlin1

[webauthn] new commits pushed by vijaybh

[webauthn] new commits pushed by WebAuthnBot

[webauthn] new commits pushed by wseltzer

[webauthn] overall security considerations section or document

[webauthn] References to "algorythm" and "alg" should be same string

[webauthn] refine user verification and authz gesture definitions, add Test of User Presence

[webauthn] Rename Account and ClientData fixes #312

[webauthn] Renamed timeoutSeconds to timeoutMilliseconds

[webauthn] Should use "RS1" instead of "RSA1_5"

[webauthn] Should WebAuthnAttestation attributes have constructors?

[webauthn] Silent Authn? clarification of bit 0 in AuthenticatorData

[webauthn] Spec should not mandate behavior of server

[webauthn] Specify the set of hash algorithms UAs can select between.

[webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced

[webauthn] There is no "current settings object" in algorithm steps that are executing in parallel

[webauthn] Throw "NotFoundError" when internal authenticator is not available or not found

[webauthn] Timeouts should be in ms not seconds

[webauthn] timeoutSeconds options should just be timeout in ms?

[webauthn] Track rename issues to maintain consistency

[webauthn] Unclear how ClientData is created in makeCredential()

[webauthn] updated the reference to FIDO ECDAA

[webauthn] User Verification definition needs to be refined

[webauthn] WebAPI: FIDO Authenticator model - clarifications needed

[webauthn] WebAuthn available to Workers? aka "silent authentication"

[webauthn] What does "If normalizedAlgorithm is empty" mean?

[webauthn] What does normalizedParameters actually contain in makeCredential?

[webauthn] Whitespace around < > in Web IDL is unusual

another fairly new spec to be aware of: Infra (from WhatWG)

CDDL tool

Closed: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly

Closed: [webauthn] 5.2.2. Generating a signature

Closed: [webauthn] Add section describing verification of a WebAuthnAssertion

Closed: [webauthn] Can the "attestation" of a WebAuthnAttestation be a non-object?

Closed: [webauthn] certifyinfo needs to be specified

Closed: [webauthn] Clarify names for crypto algs, e.g. RS256

Closed: [webauthn] Clarify uses of ClientData

Closed: [webauthn] Clarify wording on authenticator selection

Closed: [webauthn] Consider using CDDL (CBOR data definition language) to define CBOR-encoded data structures

Closed: [webauthn] Define a U2F attestation format

Closed: [webauthn] differentiate assertion signatures and attestation signatures

Closed: [webauthn] Editorial: use more elaborate variable names

Closed: [webauthn] Examples show a DOMString passed to challenge, but it's a BufferSource

Closed: [webauthn] Explainer or more examples?

Closed: [webauthn] explicitly denote RSA signature scheme

Closed: [webauthn] fix signature alg names and RFC3447 cite in {#generating-an-attestation-statement}

Closed: [webauthn] RSA credential public key encoding in "attestation data" incorrectly specified?

Closed: [webauthn] should authenticator layer send hashed or unhashed rpId to authenticators?

Closed: [webauthn] Should use "RS1" instead of "RSA1_5"

Closed: [webauthn] Should WebAuthnAttestation attributes have constructors?

Closed: [webauthn] Simplifying attestation, take two

Closed: [webauthn] Spec should not mandate behavior of server

Closed: [webauthn] Timeouts should be in ms not seconds

Closed: [webauthn] timeoutSeconds options should just be timeout in ms?

Closed: [webauthn] TPM attestation format spec is incomplete

Closed: [webauthn] Unclear how ClientData is created in makeCredential()

Closed: [webauthn] WebAPI: credential binding to a user account

Closed: [webauthn] WebAPI: FIDO Authenticator model - clarifications needed

Closed: [webauthn] Which of the attestation format interfaces are expected to be exposed in UAs?

Closed: [webauthn] Whitespace around < > in Web IDL is unusual

Closed: [webauthn] Why are some of the attestation interfaces [SecureContext] while others are not?

Draft checklist for accessibility of technology, comment by 17 March

F2F minutes posted

Fwd: Scribe instructions

fyi: Writing Promise-Using Specifications

new issue/PR label: [subtype:CTAP]

Reviewed PRs #347 & #348

U2F to WebAuthn (as of Vijay's PR)

updated diffs of state of vgb-u2f-attestation branch (see PR #321)

W3C 02/13/2017 Web Authentication Face to Face Agenda

webauthn WD-04 published

Last message date: Tuesday, 28 February 2017 23:52:57 UTC