public-webauthn@w3.org from March 2017 by subject

03/01/2017 W3C Web Authentication WG Meeting Agenda

03/08/2017 W3C Web Authentication WG Meeting Agenda

03/15/2017 W3C Web Authentication WG Meeting Agenda

03/22/2017 W3C Web Authentication WG Meeting Agenda

[administrivia] wrt deleted branches and closed PR in webauthn repo

[w3c/webauthn]

[w3c/webauthn] 0154cb: replaced DAA root key by daaKeyId. Added proper r...

[w3c/webauthn] 0a0853: Built by Travis-CI: 84795c6bf1ea482488654e2eb02cb2...

[w3c/webauthn] 15c000: fixes linking issues and add resident key in authe...

[w3c/webauthn] 172959: make getAssertion() more precise a la makeCredenti...

[w3c/webauthn] 1c84e8: polish token binding occurances

[w3c/webauthn] 2ba5eb: Built by Travis-CI: dbce688512007c2a0d52ff3cac1f2e...

[w3c/webauthn] 2fd769: Change keystorage option as requireResidentKey fla...

[w3c/webauthn] 31bed4: added key storage parameter to the spec

[w3c/webauthn] 370dc7: Built by Travis-CI: be9240a66b18b1a564118374ed96ec...

[w3c/webauthn] 43fd00: fixes per vijaybh's review.

[w3c/webauthn] 480d95: Tiny typo in 'ScopedCredentialDesciptor'. (#383)

[w3c/webauthn] 48e1b6: fix getA() cutnpaste: ScopedCredentialOptions => A...

[w3c/webauthn] 4913e9: Built by Travis-CI: da9520ab40268541833f64e7436c12...

[w3c/webauthn] 4edcb9: Fix broken TPM links

[w3c/webauthn] 502fc6: Built by Travis-CI: c42a822a357c1697c999d930106ed6...

[w3c/webauthn] 50c961: fix build by adding the proverbial missing comma.....

[w3c/webauthn] 546f82: Make makeCredential() more precise. (#347)

[w3c/webauthn] 585377: Built by Travis-CI: 7ccb88203be7b7d521d9fe000ceb4e...

[w3c/webauthn] 609ad6: Fix two typos and some locally anomalous line leng...

[w3c/webauthn] 644551: Incorporate feedback from JeffH, part 1

[w3c/webauthn] 652551: Built by Travis-CI: aee0c081ff073637a67070cb446387...

[w3c/webauthn] 66a296: Refine makeCredential description

[w3c/webauthn] 795cb4: Built by Travis-CI: 7bac171a7380ca2ce7fcd6deafb0fc...

[w3c/webauthn] 7b85ee: polish 'user consent' dfn per jcjones comment

[w3c/webauthn] 7bac17: Jeffh canonicalize markup (#370)

[w3c/webauthn] 7ccb88: refine user verification and authz gesture definit...

[w3c/webauthn] 84795c: Typo: Fix a linking error after DAA merge. (#388)

[w3c/webauthn] 9148ef: Built by Travis-CI: 480d958aadde0602703a9a01c8daa9...

[w3c/webauthn] 951a76: Built by Travis-CI: 546f82fccf9d676c49a0af109a7f11...

[w3c/webauthn] 985f88: fixup getAssertion, polish algorithms (#371)

[w3c/webauthn] 9aaa4a: 'was specd'=>'present/not present' fixes #251. + m...

[w3c/webauthn] 9d8ac4: fix typo. See #233

[w3c/webauthn] 9dac88: add rendered -00d in .html .txt

[w3c/webauthn] a5ce49: Built by Travis-CI: 3351e05f4103836377b4d9b1411aac...

[w3c/webauthn] abfa91: Built by Travis-CI: 4edcb919532767ff95dd671baa1cb3...

[w3c/webauthn] aee0c0: Refine makeCredential description (#369)

[w3c/webauthn] b0f283: Incorporate feedback from JeffH, part 3

[w3c/webauthn] b27cb9: Built by Travis-CI: 94a30ff2498b5ee8b2b0898c596e1e...

[w3c/webauthn] b89275: update acks

[w3c/webauthn] be9240: alloc ArrayBuffers in correct global, fixes #293, ...

[w3c/webauthn] bed7c2: replaced DAA by ECDAA since this is the only varia...

[w3c/webauthn] bf6d61: fixing relevant origin bugs, thx vijaybh!

[w3c/webauthn] c42a82: Make hashAlg a "recognized algorithm name". (#352)

[w3c/webauthn] c85f7a: Incorporate feedback from JeffH, part 2

[w3c/webauthn] caade2: add 'spec roadmap' section as discussed with vijay...

[w3c/webauthn] cbf417: Built by Travis-CI: 4edcb919532767ff95dd671baa1cb3...

[w3c/webauthn] d8b6c8: refine user verification dfn

[w3c/webauthn] da9520: Align registries draft and WebAuthn draft and addr...

[w3c/webauthn] dbce68: Rename Account and ClientData fixes #312 (#344)

[w3c/webauthn] e20015: apply global and task src to getA() fixes #277

[w3c/webauthn] e20767: unversion rendered -webauthn-registries files

[w3c/webauthn] e27217: Built by Travis-CI: 985f88e1effa1662117d88fd0f9f6e...

[w3c/webauthn] ec625e: alloc ArrayBuffers in correct global, fixes #293, ...

[w3c/webauthn] eee29f: fixes some of the prior 'fixes' (haste made waste)

[w3c/webauthn] f1bc28: cleanup fixes for #254 and #271

[webauthn] "might be present on this authenticator" could use a clearer definition

[webauthn] "NotAllowedError" is in WebIDL editors draft but not in WebIDL Level 1

[webauthn] `rpID` origin relaxation?

[webauthn] Add "registration extension" and "authentication extension" to glossary

[webauthn] Add gesture verification parameter to option in both makeC and getA

[webauthn] Add keyStorage enum to ScopedCredentialOptions

[webauthn] Align registries draft and WebAuthn draft and address extension issues

[webauthn] alloc ArrayBuffers in correct global

[webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

[webauthn] Consider empty allowLists

[webauthn] Constrain the "reasonable range" of timeouts

[webauthn] Creation of ScopedCredentialInfo in makeCredential should probably be more explicit

[webauthn] Creation of WebAuthnAssertion in getAssertion should probably be more explicit

[webauthn] Credential CBOR

[webauthn] Credential ID not signed

[webauthn] daaKey format? (ECPointToB -> ECPoint2ToB)

[webauthn] Define extension client processing more carefully.

[webauthn] Define what happens when the Document loses focus

[webauthn] Describe attacks on privacy that are allowed/prevented

[webauthn] detail-level issues in signature format, attestation format(s), attestation statement

[webauthn] Do we need "Algorithm Usage Location(s)" and "JOSE Implementation Requirements" in the IANA Considerations section?

[webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?

[webauthn] Drop UAF references in favor of better explanation

[webauthn] Editorial: use more elaborate variable names

[webauthn] Enable RP to choose authenticators based on key storage capability

[webauthn] Exception handling in cryptoParameters processing needs to be clarified

[webauthn] Explain how Token Binding IDs get associated with an HTML context.

[webauthn] fix webauthn ref in -webauthn-registries to link to webauthn editors' draft

[webauthn] fixup getAssertion, polish algorithms

[webauthn] follow Bluetooth and NFC brand usage guidance

[webauthn] getAssertion needs to not go async before making a copy of the assertionChallenge

[webauthn] hostname canonicalization in {#makeCredential} section?

[webauthn] Jeffh canonicalize markup

[webauthn] Justify differences in TPM Attestation Verification procedures in WebAuthn versus TCG specifications

[webauthn] Make hashAlg a "recognized algorithm name".

[webauthn] Make makeCredential() more precise.

[webauthn] makeCredential should be more precise than NotAllowedError in its last step

[webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter

[webauthn] new commits pushed by AngeloKai

[webauthn] new commits pushed by equalsJeffH

[webauthn] new commits pushed by rlin1

[webauthn] new commits pushed by selfissued

[webauthn] new commits pushed by vijaybh

[webauthn] new commits pushed by WebAuthnBot

[webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them

[webauthn] Please ensure that all ArrayBuffer creations are done explicitly, in the correct global

[webauthn] Privacy across Account IDs

[webauthn] Privacy concerns with blacklist/whitelist

[webauthn] Processing model for extensions is very underdefined

[webauthn] Propose procedure for adding to attestation/extension registry

[webauthn] Protect against TLS MiTM by including TLS cert chain in signature

[webauthn] Refine makeCredential description

[webauthn] refine user verification and authz gesture definitions, add Test of User Presence

[webauthn] Rename Account and ClientData fixes #312

[webauthn] replaced DAA root key by daaKeyId. Added proper references

[webauthn] restrict WebAuthentication API to only top level browsing context

[webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async

[webauthn] Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin

[webauthn] Should attestationChallenge be snapshotted in makeCredential, or used before going async?

[webauthn] Should the WebAuth API have a cancel() method?

[webauthn] Spec should not mandate behavior of server

[webauthn] Specify the set of hash algorithms UAs can select between.

[webauthn] Strawman of an integration between WebAuthn and Credential Management.

[webauthn] TAG review feedback: Align Credential interface with Credential Management?

[webauthn] There is no "current settings object" in algorithm steps that are executing in parallel

[webauthn] Throw NotFoundError when no authenticator is available

[webauthn] Tiny typo in 'ScopedCredentialDesciptor'.

[webauthn] UVM Extension Editorial Change

[webauthn] What does "If normalizedAlgorithm is empty" mean?

[webauthn] What does it mean to "get assertions" in getAssertion step 7?

[webauthn] What does normalizedParameters actually contain in makeCredential?

[webauthn] What ensures any semblance of interop for WebAuthnExtensions?

[webauthn] Why are various predefined extensions defined as extensions, and not just parts of the spec?

Align registries draft and WebAuthn draft and address extension issues

can't add...

Closed: [webauthn] `rpID` origin relaxation?

Closed: [webauthn] Add "registration extension" and "authentication extension" to glossary

Closed: [webauthn] callerOrigin isn't actually the origin of the caller; it's the origin of the callee

Closed: [webauthn] Consider scoping Account and ClientData

Closed: [webauthn] Creation of ScopedCredentialInfo in makeCredential should probably be more explicit

Closed: [webauthn] Creation of WebAuthnAssertion in getAssertion should probably be more explicit

Closed: [webauthn] Credential ID not signed

Closed: [webauthn] daaKey format? (ECPointToB -> ECPoint2ToB)

Closed: [webauthn] Do we need "Algorithm Usage Location(s)" and "JOSE Implementation Requirements" in the IANA Considerations section?

Closed: [webauthn] Does "Then asynchronously continue executing the following steps" mean "in parallel"?

Closed: [webauthn] Exception handling in cryptoParameters processing needs to be clarified

Closed: [webauthn] getAssertion needs to not go async before making a copy of the assertionChallenge

Closed: [webauthn] I don't understand how to create a ClientData in makeCredential

Closed: [webauthn] Need to clearly define what it means to SHA-256 hash the "host" output of the document.domain setter

Closed: [webauthn] Please coordinate with the HTML spec to extract the relevant bits of the document.domain setter so you can call them

Closed: [webauthn] Please ensure that all ArrayBuffer creations are done explicitly, in the correct global

Closed: [webauthn] ScopedCredentialDescriptor can contain BufferSources that are processed async

Closed: [webauthn] Should attestationChallenge be snapshotted in makeCredential, or used before going async?

Closed: [webauthn] The concept "empty" is not really defined for IDL sequences

Closed: [webauthn] The steps for makeCredential do a bunch of implicit getting of members

Closed: [webauthn] There is no "current settings object" in algorithm steps that are executing in parallel

Closed: [webauthn] User Verification definition needs to be refined

Closed: [webauthn] WebCryptoAPI's "normalizing an algorithm" cannot be done as part of async steps

Closed: [webauthn] What does "If normalizedAlgorithm is empty" mean?

Closed: [webauthn] What does it mean to "get assertions" in getAssertion step 7?

Closed: [webauthn] What does normalizedParameters actually contain in makeCredential?

CredMan Credential Scoping and Webauthn

CredMan Schedule

Dirk's presentation of the relationship between CredMan and WebAuthn

editorial: fixup all '<a>...</a>' to be '[=...=]' ?

Focus for 04/05/2016 W3C WebAuthentication WG Meeting

fyi: webkit intent to implement Credential Management Level 1

mike west on Credential Management & WebAuthn status

Please review PR #386

PR #344

Reminder no w3c WebAuthn meeting today

reviewed issues, closed some, assigned subtypes

Self-Signed Packed Attestation

Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin

TPM hyperlinks broken?

Web Authentication WG PAG Recommends Continued WOrk

WebAuthn Registries document now an Internet Draft

wrt deleted branches and closed PR in webauthn repo

Last message date: Friday, 31 March 2017 21:13:00 UTC