- From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
- Date: Thu, 09 Nov 2017 22:14:34 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by rlin1 to https://github.com/w3c/webauthn: * fix proper subset tweak (#542) by Angelo Liao https://github.com/w3c/webauthn/commit/14c2733ca6a4a9568e4c48fef1b870448818e811 * Plumb User ID through We need to plumb the custom user id that the RP gave the authenticator during MakeCredential back through to the RP when doing getAssertion. by christiaanbrand https://github.com/w3c/webauthn/commit/ac89087f42ac3875f5dde3d581c1c85bc830609c * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/3e0d2915aab90bccbd7d8ae89aa484db4fb712e8 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/c96b64bee7bbd918317d5a6b3865fc8f10f280d4 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/f6499b2a7f85b2f2d3a14efda265f2fb75f94bf0 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/0ce6b12b54d40a34c1ea535d2c59555677921b18 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/92f4b3218a8aa711e39a4385e87d48c3bf25618c * Remove user agent getting user consent sentence (#553) Closes #552 by Alexei Czeskis https://github.com/w3c/webauthn/commit/eb401b78e218af43715e426ea1825fc14966113d * using descriptive names for authenticator selection criteria (#555) Since we don't directly send the values of the AuthenticatorSelectionCriteria dictionary keys over the wire, it's ok to leave these values in a human-readable form. by balfanz https://github.com/w3c/webauthn/commit/dcf793928221b1883f4c9ac4dd5264b570606e52 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/5e2f228d76005a767f2c4e94f1af6b8c2c7d717d * Fix Android attestation (#546) * Fix Android attestation Android attestation had a circular dependency on the public key: The authenticatorData has a public key that was originally intended to be stuck in the ChallengeData for generating a new keypair. When calling this function the public key isn't available to us yet. We have made a change to bring this in line with other attestation formats (ie. packed attestation). * Update index.bs * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/db1be8059b02cb8981fbe0229f6d1eebaedb9505 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/25dfc77228d74440711ff36ff72b81ba77e40669 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/f6f85172b064d72ca036fede2ff67188ac888a76 * Clarify Safetynet attestation return value Clarify the encoding of SafetyNet attestation as a UTF8 encoded string. Closes #563 by christiaanbrand https://github.com/w3c/webauthn/commit/6e45cc14c885fa3196519484ee6a08a419a31576 * Clarifying signing procedure for U2F attestation This closes #530 by balfanz https://github.com/w3c/webauthn/commit/5502d42d31d1aa5b6bc79f686cfecf0c6dbf04f5 * Address security and privacy issues witht the iconURL (#545) * fix proper subset tweak * added a priori constraint on iconURL per credman spec * reference the CR version of Mixed Content instead of editors draft by Angelo Liao https://github.com/w3c/webauthn/commit/f37cfc5dfd074832ab61ed299d1ee7d2a6f5c724 * Clarify excludeCredentialDescriptorList (#573) Add more clarity around the use of excludeCredentialDescriptorList. Closes #567. by Christiaan Brand https://github.com/w3c/webauthn/commit/67e922c011aeb2668fd7adfaf75d7f3b7a28cb6c * Fix reference to UTF8 by Christiaan Brand https://github.com/w3c/webauthn/commit/ee912eeef7cccfb95197938253c956619bb3a8ca * Fix #577 - CDDL for attStmtTemplate is ambiguous There are multiple definitions of `attStmtType`; the template defines it to be `bytes`, while each concrete instance of the template defines it as a map. This clarifies that it is always a map, since the ".within" control operator for CDDL defines that the socket `$$attStmtType` to be the superset of `attStmtTemplate`. [1] [1] https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#section-3.8.5 by J.C. Jones https://github.com/w3c/webauthn/commit/3e86e705a5ad41f163df76649370e13c5045fb73 * Fix syntax errors in JavaScript examples. by James Barclay https://github.com/w3c/webauthn/commit/4aa72b65ac0a05e8e21ed64d34249a3eae916eed * Clean up COSEAlgorithmIdentifier loose ends (#580) Clean up COSEAlgorithmIdentifier loose ends by Mike Jones https://github.com/w3c/webauthn/commit/2ec526743c1fe42ea602fa31d47eed9800a0daf9 * Make user.id a byte array (#586) Make user.id a byte array by Mike Jones https://github.com/w3c/webauthn/commit/26552c41d086f46be877018dc2c8b059178ccaec * Corrected inaccuracy in authenticator extension processing description by Mike Jones https://github.com/w3c/webauthn/commit/0141d97cd79d1bf869b47eb72d4552b729a0ec5c * Merge pull request #571 from w3c/balfanz-patch-2 Clarifying signing procedure for U2F attestation by Christiaan Brand https://github.com/w3c/webauthn/commit/96b9a982b235144816abaaa6517d364eef8dd824 * Merge pull request #572 from christiaanbrand/patch-4 Clarify Safetynet attestation return value by Christiaan Brand https://github.com/w3c/webauthn/commit/6589a1013cd776da57d704eb8508fcd53fa6cc88 * Merge pull request #595 from futureimperfect/master Fix syntax errors in JavaScript examples. by Christiaan Brand https://github.com/w3c/webauthn/commit/d96d7668a53bfc463968bedc9d9b95cd64add262 * Merge pull request #596 from selfissued/mbj-extension-description-tweak Corrected inaccuracy in authenticator extension processing description by Christiaan Brand https://github.com/w3c/webauthn/commit/3ee8ed586c2ce62f7a4180cb9dcf0d8d8e5f87cc * Change user id to user handle by Christiaan Brand https://github.com/w3c/webauthn/commit/e63537fcc62af6f0f9768d0e992bf0627b8f6f7b * Add Vagrantfile for a VM with bikeshed installed by Emil Lundberg https://github.com/w3c/webauthn/commit/17539f571cff60af8bbe236f958aa023d917fd45 * Merge pull request #558 from christiaanbrand/patch-2 Plumb User ID through by Christiaan Brand https://github.com/w3c/webauthn/commit/23b91fbb455dd3cc84e071c0dab50a3570beea79 * Updates per jyasskin review, referencing CDDL 3.5.1 https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#page-18 by J.C. Jones https://github.com/w3c/webauthn/commit/5630b47a7d08b291607ed1c4215afea4c0091fed * Merge pull request #581 from jcjones/577-cddl_attStmt_type Fix #577 - CDDL for attStmtTemplate is ambiguous by J.C. Jones https://github.com/w3c/webauthn/commit/0cae38154c59cf4760e7dfed00f2c44e298f8c9f * Give authData and attestationData fields formal names As suggested in #233. by Emil Lundberg https://github.com/w3c/webauthn/commit/9a1c34f0c5fd1b65338e081553f914b2da52ac85 * Number the steps in the authenticator operations. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/089c10e16bdcda0bd75db1d7f1d6a2be21304e08 * Add reference to credentialPublicKey by Emil Lundberg https://github.com/w3c/webauthn/commit/6820c710f2872d4604fd0def62ec5bbc1674286b * Rename attestation data to attested credential data As suggested in #393. by Emil Lundberg https://github.com/w3c/webauthn/commit/2de6bfbb93a35216667efff9a7f6755de2c10b5a * Update Figure 1 to agree with 2de6bfb by Emil Lundberg https://github.com/w3c/webauthn/commit/7162ea1ac3b88585a29f87951641f15e98acd329 * Remove errant reference to [=attested credential data=] by Emil Lundberg https://github.com/w3c/webauthn/commit/151504eac4b3196e9d24b395af53ae9fcf679905 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/ab7f16fdfcf1d2ed2eb74df70be2a6597177e644 * Fix #618 - Make PublicKeyCredential.isPlatformAuthenticatorAvailable static The example in the spec shows static usage of isPlatformAuthenticatorAvailable, but isPlatformAuthenticatorAvailable is defined [Unscopable], which is a regular operation which is defined as being not static. I think the static method of using this is what we want, actually. Declaring this as a non-static method on PublicKeyCredential means users need to obtain a concrete PublicKeyCredential object on which to call isPlatformAuthenticatorAvailable(). This leads to a situation where you have to first complete a call to navigator.credentials.create() in order to call isPlatformAuthenticatorAvailable(). by J.C. Jones https://github.com/w3c/webauthn/commit/d0a010cd6a23b96044ae0708dd8bb33bff66dc78 * Merge pull request #612 from emlun/vagrant-bikeshed Tools: Add Vagrantfile for a VM with bikeshed installed by J.C. Jones https://github.com/w3c/webauthn/commit/670ecb37e810efaa527f2068685315e32204912b * Fix #609: Formally define User Handle (#616) - Formally define User Handle - Rename "user id" and similar terms to "user handle" everywhere - Change name and type of `AuthenticatorAssertionResponse` field `DOMString userId` to `ArrayBuffer userHandle` - `PublicKeyCredentialUserEntity.id` is not renamed, but it is now referred to as the "user handle" This does not: - Formally define the term "user account". - Improve the privacy considerations around returning `userHandle`, as suggested in #578. by Emil Lundberg https://github.com/w3c/webauthn/commit/e74d8c4da2813559086fa32a28bdc6c576d54c1f * Rewrite Generating an Attestation Object as an algorithm. (#600) This replaces the "first generate the authenticator data" step with an input because that's how it's called. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/8b23fb85f33c03e0420fb8182d9d774012546fd9 * Use || uniformly for concatenation. (#615) Fixes #562. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/e65e43ed53dcdb411d34a9d75decfc14e768c503 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/e8e993ec0b0f03418661e2b8c565dc3e27caba95 * Sign counter alg clarification [see issue #507] (#539) * added description for U2F attestation format * more description added * ... * added RP processing rule for signature counter * explanation added: why should you compare signature counter * add explanation: where does signature come from * changes as requested in the PR * changes as requested in the PR * changes as requested in the PR * correction * more corrections * typo * corrected phrase as indicated by equalsJeffH * correction: bikeshed still wants spaces - not tabs * updating signcounter consideration according to suggestion in comment * synatax corrections * synatax corrections * more changes added * more corrections according to the comments in the issue * addressed second last comment * removed signing procedure details and referred to CTAP2 section 7 * fixed indent issue * fix typo by Rolf Lindemann https://github.com/w3c/webauthn/commit/d89c5031770f673288c1f5cb320adf33cbf11463 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/042726c60a943fc391527cec202216bd07bd8666 * Merge pull request #619 from jcjones/618-isPlatformAuthenticatorAvailable Fix #618 - Make PublicKeyCredential.isPlatformAuthenticatorAvailable static by J.C. Jones https://github.com/w3c/webauthn/commit/b0a205bc0010df59ab4657f83429b33b932cf552 * Name the parameters and variables in authenticatorMakeCredential. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c4b96d2114d6f6f18fc04f90961dbcd4b8164696 * Link "item" and use tuple rather than pair syntax for keys. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c514c5af0539c6b847abf0051c0932d8b049370a * Improve the counter wording. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/29c00ca8a90ec4abc4547663df7bb13af6a394fe * Fix [=RP=] links that should be [=[RP]=]. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/997e749a47c656e2d5671dcbd2d27d4282832b89 * remove not needed closing bracket by Rolf Lindemann https://github.com/w3c/webauthn/commit/c16fafd18def10492d29162d1a7daa4a37983510 * Require authenticators to implement the signature counter (#630) by Mike Jones https://github.com/w3c/webauthn/commit/2d3732b659a0b4fcd439097137a2618e3ebe4cd3 * updated the definition of authenticator (#607) * updated the definition of authenticator * updated according to comment by Rolf Lindemann https://github.com/w3c/webauthn/commit/1674caa4663e5fa1e3635d48be8b787e0c2d82ef * Relaxing user prompt requirements in certain cases Relaxing the requirement to prompt the user on key creation *if* the authenticator is built-in *and* the RP didn't supply an excludeList of credentials. by balfanz https://github.com/w3c/webauthn/commit/9598e1d11e4ab344387131ad908f0335512bebdb * Merge pull request #634 from w3c/balfanz-patch-3 Relaxing user prompt requirements in certain cases by balfanz https://github.com/w3c/webauthn/commit/394c9c0b369232a9004f71e3638fcc958a8725e0 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/98549bde4320f311772c1fcaf42d7963f67b37dc * Link attestation statement and -format in §6.1 step 10 As discussed in #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/490eeaf49490456b93755a0c82ac0e7811574f2c * Add a Relying Party conformance class. (#604) * Add a Relying Party conformance class. Fixes #88. * Link "Relying Party". by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/527aaf67e45838baba4d325cf1267504717fc8fc * Fix merge conflicts by J.C. Jones https://github.com/w3c/webauthn/commit/ea38238bd75789a894ef7ab52abefeb8d5514c0c * Merge remote-tracking branch 'origin/master' into jyasskin-name-authenticator-params by J.C. Jones https://github.com/w3c/webauthn/commit/7fde1b973f3bcc17bca2ca30e92365d6cf1a0da7 * Merge branch 'jyasskin-name-authenticator-params' by J.C. Jones https://github.com/w3c/webauthn/commit/f6c9ed6d04ae0d695a6bf2659c214404ef3b5e6f * Fix User.ID example Make User.ID binary in example 2 in section 11. Closes #598 by Christiaan Brand https://github.com/w3c/webauthn/commit/95fd62a3844a95c6cd9065fee90d73e60583f3fc * Fix #551 - Define a Store method for PublicKeyCredential. The Store operation isn't defined for PublicKeyCredential, even though it is inherited from Credential Management. This defines that operation as always resolving with an error. by J.C. Jones https://github.com/w3c/webauthn/commit/b7613fa71c23d7f52bad394a2d4e8087f1e10453 * Merge pull request #631 from jcjones/551-store Fix #551 - Define a Store method for PublicKeyCredential. by J.C. Jones https://github.com/w3c/webauthn/commit/fff646941a6b79ced149e1d42bc2f0c4a6f9752e * Merge pull request #635 from emlun/issue-561 Link attestation statement and -format in §6.1 step 10 by J.C. Jones https://github.com/w3c/webauthn/commit/06d5468e5b70ff5476e87188941e87d0cec67c20 * Rewrite the "make an assertion" introduction to clarify how get() works. (#611) * Rewrite the "make an assertion" introduction to clarify how get() works. Fixes #566. * Fix equalsJeffH's comments. * Clarify the "user may decline" sentence per equalsJeffH. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/97e8af01a1115f589ec21272e258a7b338b09f6a * update CTAP ref with correct authors and URL (#638) by =JeffH https://github.com/w3c/webauthn/commit/f94ed9180b06571bc0af59d605f56fa520072edf * Name the parameters and variables in authenticatorGetAssertion. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/9a542186a04aab5ff2552647e394316d33e6f9fa * s/ID/credential ID/ by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/6594dc74bcd89bcfd218d307e054f0fbac3c6112 * Merge pull request #637 from w3c/christiaanbrand-patch-1 Fix User.ID example by J.C. Jones https://github.com/w3c/webauthn/commit/641949fd27a21a929fd17f2d3b95be1006120110 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/fc94c52a158c5469ea2fcb95e754df4b8508d8f0 * Fix grammar in description of attested credential data length by Emil Lundberg https://github.com/w3c/webauthn/commit/1308537fa012d22c872bbab10ba06a811ade6959 * Update to newest bikeshed state by J.C. Jones https://github.com/w3c/webauthn/commit/1b4c2449d471358600fb1b61a73e523e927c475f * Also update bikshed-include to fix the double-Abstract problem by J.C. Jones https://github.com/w3c/webauthn/commit/6563f2209fba7bfd695080f15800ca9220374b0e * Link "extension identifier" as requested in #602 https://github.com/w3c/webauthn/pull/602#discussion_r144167932 by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/4bb24bfe5ddfd676eafd408efb32f9078ec4733a * Merge pull request #614 from emlun/issue-393 Fix #393: Rename attestation data to attested credential data by Emil Lundberg https://github.com/w3c/webauthn/commit/408ef307c90c3f80f7c06405b73225924bb7c2e5 * Fix #569 - Add Exposed to all WebIDL interfaces by J.C. Jones https://github.com/w3c/webauthn/commit/a7482798404193a96058f63aabb376b95bf1aad0 * Remove attributes from partial interface definition by J.C. Jones https://github.com/w3c/webauthn/commit/ee174c2aa78b77ffb8de5b9d758333dcc6bb9493 * Only exclude CredIDs matching the RPID Only credentials in the exclude credentials list that match this RPID should result in a not allowed error. by Johan Verrept https://github.com/w3c/webauthn/commit/d879b79a8c3e7a73d134d63fc84db9948c278a7b * Fix #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/b9575efdfd8952ca6e44cc1b733df2f870891d71 * Merge pull request #652 from w3c/issue-561 Fix #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/bf41e8ed5cf0e0fe7a2696e6bd82bffac39e767a * Fix #624 - Change PublicKeyCredential.clientExtensionResults to an operation The attribute `clientExtensionResults` is a typedef of `record<DOMString, any>`. The WebIDL spec says "Records must not be used as the type of an attribute or constant", so this is not legal. This commit changes the attribute `clientExtensionResults` into an operation `getClientExtensionResults()`. by J.C. Jones https://github.com/w3c/webauthn/commit/b8c60278ad53479d03a2247e1360c33869f58e92 * fixup algs contd 3 (#498) * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * further rebase conflict resolution error fixups * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * del 'cancel the timer' from #creatCredential fixes #535 * polish constructResultantCredentialCallback method description * incorp comments from mikewest at webappsec-credential-management/pull/100 * rebased onto master * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * polish constructResultantCredentialCallback method description * incorp comments from mikewest at webappsec-credential-management/pull/100 * fix indents make BS happy, add some periods * fix code tags placement * correct bugs in prior merge conflict resolution, doh * rm 'the bytes of' * add missing @@EDITOR-ANCHOR-01A * auto-number some steps * re- fix #466 (due to merge-from-master), fix #536 * eliminate callback and just return an algorithm from #createCredential * continue fix conflicts from merge from master * fix a couple of issue #466 stragglers in #op-make-cred * revert to prior AuthenticationExtensions language per jyasskin * add inline spec issue pointing to issue #657 * minor cleanups, remove issue wrt not explicitly returning |credentialCreationData| * fix annoying bikeshed warning wrt 'rpEntity' * correctly fix warning as well as other incorrect markup by =JeffH https://github.com/w3c/webauthn/commit/f1f54951d5e5bffc54bbaf971ef72f091c9cde74 * clarified the ECDAA signing procedure. Close #591 (#641) * clarified the ECDAA signing procedure. Close #591 * fix indent error * fix line-indentation make BS happy by Rolf Lindemann https://github.com/w3c/webauthn/commit/01aa320dfad02e768dbfdb2071191cce3e6e18d8 * Fix #574 - Change language for Create and Get to support hotplugging This is an incomplete fix; a full fix is intended to be handled in Issue #613. This reorders the Create and Get operations to indicate that the algorithms for interacting with devices should be applied as devices are hotplugged / arrive. It does not specify what happens when devices are removed, nor does it use precise language. I'm not sure what language would be appropriate in this world, so this patch is just to make things "better" not "correct". Resolve @equalsJeffH's comments: 1. Define |lifetimeTimer| and make it available to the line that starts the hotplugging 2. Use the |lifetimeTimer| for references later in those algorithms to reduce confusion 3. Reword the Notes 4. Change the Notes to Issues by J.C. Jones https://github.com/w3c/webauthn/commit/6e0716f1f38c7a89b4bc8d1539d215e43b6a6bf0 * Address @AngeloKai's comments by J.C. Jones https://github.com/w3c/webauthn/commit/7bc3a3e7bb24fbb9c3def88ffd956f47a78226c0 * Address @AngeloKai's comments about lifetimeTimer by J.C. Jones https://github.com/w3c/webauthn/commit/df88d55d3c4d6133c744eaa4cab25a59571ecb84 * Last minute nitfixes by J.C. Jones https://github.com/w3c/webauthn/commit/83da7ff458cff646e9f8773a90a8f767b9c3f36d * Merge pull request #655 from jcjones/574-hotplugging Fix #574 - Change language for Create and Get to support hotplugging by J.C. Jones https://github.com/w3c/webauthn/commit/579f6cfe6247606ca7e1ffb455ad9964a4ee9c80 * Change |rpId| to rpEntity.id by Johan Verrept https://github.com/w3c/webauthn/commit/be4c139c8bdf0bc1fab835d63194fcf8b527b814 * Fix #560: ensure #registering-a-new-credential step 10 and the inputs to all attStmt types' verification procedures match (#639) * Fix #560 * Address review comments * Link [=authenticator data=] in <dfn>auth...data claimed...attestation</dfn> * Define attestation trust path by Emil Lundberg https://github.com/w3c/webauthn/commit/e9a9c33d30505f9ab9860a3f292cd1283fb97f80 * Fix getAssertion too. by Johan Verrept https://github.com/w3c/webauthn/commit/4794adbb4ad20e4c0543ad7fb203149c0ce5fda9 * In this case it is |rpId| by Johan Verrept https://github.com/w3c/webauthn/commit/a242e6a93c6874741385db1943c5e5cef82a9264 * fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from? by JeffH https://github.com/w3c/webauthn/commit/5c8dc4923ec502bc43bc3fff4f47070e1d5c26d9 * grammar fix by JeffH https://github.com/w3c/webauthn/commit/5ea8a285b1af248c275a3dd0d471469fbfe32571 * Merge pull request #662 from w3c/jeffh-fixup-algs-contd-5 fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from? by J.C. Jones https://github.com/w3c/webauthn/commit/bcb5c110968ae4d3c410a62440b254bf161fd121 * Improved language. by Johan Verrept https://github.com/w3c/webauthn/commit/af041112f1644967731fc340c0ac1bee74e2cea9 * Fix up makeCredential with the same fixes. Also added a reference to the list item back in the correct place. by Johan Verrept https://github.com/w3c/webauthn/commit/558c01377e5e1cc386fa9cf4c335af528ff7bc04 * Update index.bs by Johan Verrept https://github.com/w3c/webauthn/commit/e051327afd111b69bfd741942b24a139efbe7ebe * Fix indent. by Johan Verrept https://github.com/w3c/webauthn/commit/6e5f27fb19aebd99583c77c8f4ceb70b8bba54ff * Define Public Key Credential Source and Credential ID. (#620) This also redefines "Public Key Credential" to cover private keys, public keys, and assertions, as a willful violation of RFC4949. Credential ID is defined to explicitly include the possibility that it's the encrypted Credential Source. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c647b7099dfc78dcab15998783971efa1ea67987 * Sensible limits for RP and User Entity fields. (#667) by Akshay Kumar https://github.com/w3c/webauthn/commit/0418f3eeb054b57bc541bbf57f689959ae154cd3 * Make PublicKeyCredentialEntity hierarchy required members required in IDL This resolves #587. Summary: - Make member `PublicKeyCredentialEntity.name` required - Make member `PublicKeyCredentialUserEntity.id` required - Make member `PublicKeyCredentialUserEntity.displayName` required - Remove algorithm step from _§5.1.3 Create a new credential_ that instructed to throw an exception if any of the above members were missing by Emil Lundberg https://github.com/w3c/webauthn/commit/9f5df060fc78da739e408e4aff2e7edd165e6fe3 * Merge pull request #651 from jovasco/patch-1 Only exclude CredIDs matching the RPID by J.C. Jones https://github.com/w3c/webauthn/commit/625bd7acf014bb1664d2b8852883d83dba96b944 * Merge pull request #669 from w3c/issue-587 Fix #587: Make PublicKeyCredentialEntity members required in IDL by J.C. Jones https://github.com/w3c/webauthn/commit/7153b55e8cd8e1bad5b5f57ee1eb7da158695361 * Make create() and get() abortable (#544) * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * further rebase conflict resolution error fixups * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * del 'cancel the timer' from #creatCredential fixes #535 * polish constructResultantCredentialCallback method description * marked authenticator model section as non-normative * marked relying party operation section as non-normative * fix proper subset tweak * Added abort signal object and steps to webauthn * fixed a minor issue with linking * add minor edits to focus on the main things * getting the blank line correct * Added a example section to explain how abort should be used * fix up example * committing before computer dies * updated grammars of the example based on feedback * update example text * Updated with the section on switching tab; complete the PR * minor tweak * finished polishing the spec * whoops one leftover * finally figured out how to remove last two linking errors * take out abortsignal from extension; edit promise rejection by Angelo Liao https://github.com/w3c/webauthn/commit/931b46eece69f5d780ce4b317e3a377a3a67f85c * fix #254: credman alignment: update #getAssertion section a la PR #498 (#665) * actually improve #254, and fix #661 * DiscoFrmExtSource(options) -> (origin, options) * make [[DiscoFrmExtSource]]'s exposition match [[Create]]'s * deal with yet another fix #254 straggler in [[Create]] * get rid of |global| in [[DiscoFrmExtSource]] * remove 'in parallel' and 'global' stuff from #discover-from-external-source alg * work on #discover-from-external-source alg to improve #254 * finish (one hopes) work on #discover-from-external-source alg to fix #254 * minor editorial * repair #createCredential intro parag, improves issue #671 * complete fix #671 by =JeffH https://github.com/w3c/webauthn/commit/d468a75b6a723867d24add0bd01bd7225acbcdbf * Modify SafetyNet descriptive text (#643) * Update index.bs Biometric Selection Criteria extension * Update index.bs * Update index.bs * Update index.bs * Update index.bs by gmandyam https://github.com/w3c/webauthn/commit/0e93926d7c77afd07e75002880f15b53e5137bf2 * resolved auto-merge conflicts by rlin1 https://github.com/w3c/webauthn/commit/75d75517856312262b0430043b66e8fc01a47ea8
Received on Thursday, 9 November 2017 22:14:40 UTC