- From: balfanz via GitHub <sysbot+gh@w3.org>
- Date: Sat, 11 Nov 2017 23:27:50 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by balfanz to https://github.com/w3c/webauthn: * Give authData and attestationData fields formal names As suggested in #233. by Emil Lundberg https://github.com/w3c/webauthn/commit/9a1c34f0c5fd1b65338e081553f914b2da52ac85 * Add reference to credentialPublicKey by Emil Lundberg https://github.com/w3c/webauthn/commit/6820c710f2872d4604fd0def62ec5bbc1674286b * Rename attestation data to attested credential data As suggested in #393. by Emil Lundberg https://github.com/w3c/webauthn/commit/2de6bfbb93a35216667efff9a7f6755de2c10b5a * Update Figure 1 to agree with 2de6bfb by Emil Lundberg https://github.com/w3c/webauthn/commit/7162ea1ac3b88585a29f87951641f15e98acd329 * Remove errant reference to [=attested credential data=] by Emil Lundberg https://github.com/w3c/webauthn/commit/151504eac4b3196e9d24b395af53ae9fcf679905 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/ab7f16fdfcf1d2ed2eb74df70be2a6597177e644 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/e8e993ec0b0f03418661e2b8c565dc3e27caba95 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/042726c60a943fc391527cec202216bd07bd8666 * Name the parameters and variables in authenticatorMakeCredential. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c4b96d2114d6f6f18fc04f90961dbcd4b8164696 * Link "item" and use tuple rather than pair syntax for keys. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c514c5af0539c6b847abf0051c0932d8b049370a * Improve the counter wording. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/29c00ca8a90ec4abc4547663df7bb13af6a394fe * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/98549bde4320f311772c1fcaf42d7963f67b37dc * Link attestation statement and -format in §6.1 step 10 As discussed in #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/490eeaf49490456b93755a0c82ac0e7811574f2c * Add a Relying Party conformance class. (#604) * Add a Relying Party conformance class. Fixes #88. * Link "Relying Party". by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/527aaf67e45838baba4d325cf1267504717fc8fc * Fix merge conflicts by J.C. Jones https://github.com/w3c/webauthn/commit/ea38238bd75789a894ef7ab52abefeb8d5514c0c * Merge remote-tracking branch 'origin/master' into jyasskin-name-authenticator-params by J.C. Jones https://github.com/w3c/webauthn/commit/7fde1b973f3bcc17bca2ca30e92365d6cf1a0da7 * Merge branch 'jyasskin-name-authenticator-params' by J.C. Jones https://github.com/w3c/webauthn/commit/f6c9ed6d04ae0d695a6bf2659c214404ef3b5e6f * Fix User.ID example Make User.ID binary in example 2 in section 11. Closes #598 by Christiaan Brand https://github.com/w3c/webauthn/commit/95fd62a3844a95c6cd9065fee90d73e60583f3fc * Fix #551 - Define a Store method for PublicKeyCredential. The Store operation isn't defined for PublicKeyCredential, even though it is inherited from Credential Management. This defines that operation as always resolving with an error. by J.C. Jones https://github.com/w3c/webauthn/commit/b7613fa71c23d7f52bad394a2d4e8087f1e10453 * Merge pull request #631 from jcjones/551-store Fix #551 - Define a Store method for PublicKeyCredential. by J.C. Jones https://github.com/w3c/webauthn/commit/fff646941a6b79ced149e1d42bc2f0c4a6f9752e * Merge pull request #635 from emlun/issue-561 Link attestation statement and -format in §6.1 step 10 by J.C. Jones https://github.com/w3c/webauthn/commit/06d5468e5b70ff5476e87188941e87d0cec67c20 * Rewrite the "make an assertion" introduction to clarify how get() works. (#611) * Rewrite the "make an assertion" introduction to clarify how get() works. Fixes #566. * Fix equalsJeffH's comments. * Clarify the "user may decline" sentence per equalsJeffH. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/97e8af01a1115f589ec21272e258a7b338b09f6a * update CTAP ref with correct authors and URL (#638) by =JeffH https://github.com/w3c/webauthn/commit/f94ed9180b06571bc0af59d605f56fa520072edf * Name the parameters and variables in authenticatorGetAssertion. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/9a542186a04aab5ff2552647e394316d33e6f9fa * s/ID/credential ID/ by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/6594dc74bcd89bcfd218d307e054f0fbac3c6112 * Merge pull request #637 from w3c/christiaanbrand-patch-1 Fix User.ID example by J.C. Jones https://github.com/w3c/webauthn/commit/641949fd27a21a929fd17f2d3b95be1006120110 * Merge branch 'master' into issue-393 by Emil Lundberg https://github.com/w3c/webauthn/commit/fc94c52a158c5469ea2fcb95e754df4b8508d8f0 * Fix grammar in description of attested credential data length by Emil Lundberg https://github.com/w3c/webauthn/commit/1308537fa012d22c872bbab10ba06a811ade6959 * Update to newest bikeshed state by J.C. Jones https://github.com/w3c/webauthn/commit/1b4c2449d471358600fb1b61a73e523e927c475f * Also update bikshed-include to fix the double-Abstract problem by J.C. Jones https://github.com/w3c/webauthn/commit/6563f2209fba7bfd695080f15800ca9220374b0e * Link "extension identifier" as requested in #602 https://github.com/w3c/webauthn/pull/602#discussion_r144167932 by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/4bb24bfe5ddfd676eafd408efb32f9078ec4733a * Merge pull request #614 from emlun/issue-393 Fix #393: Rename attestation data to attested credential data by Emil Lundberg https://github.com/w3c/webauthn/commit/408ef307c90c3f80f7c06405b73225924bb7c2e5 * Fix #569 - Add Exposed to all WebIDL interfaces by J.C. Jones https://github.com/w3c/webauthn/commit/a7482798404193a96058f63aabb376b95bf1aad0 * Remove attributes from partial interface definition by J.C. Jones https://github.com/w3c/webauthn/commit/ee174c2aa78b77ffb8de5b9d758333dcc6bb9493 * Only exclude CredIDs matching the RPID Only credentials in the exclude credentials list that match this RPID should result in a not allowed error. by Johan Verrept https://github.com/w3c/webauthn/commit/d879b79a8c3e7a73d134d63fc84db9948c278a7b * Fix #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/b9575efdfd8952ca6e44cc1b733df2f870891d71 * Merge pull request #652 from w3c/issue-561 Fix #561 by Emil Lundberg https://github.com/w3c/webauthn/commit/bf41e8ed5cf0e0fe7a2696e6bd82bffac39e767a * Fix #624 - Change PublicKeyCredential.clientExtensionResults to an operation The attribute `clientExtensionResults` is a typedef of `record<DOMString, any>`. The WebIDL spec says "Records must not be used as the type of an attribute or constant", so this is not legal. This commit changes the attribute `clientExtensionResults` into an operation `getClientExtensionResults()`. by J.C. Jones https://github.com/w3c/webauthn/commit/b8c60278ad53479d03a2247e1360c33869f58e92 * fixup algs contd 3 (#498) * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * further rebase conflict resolution error fixups * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * del 'cancel the timer' from #creatCredential fixes #535 * polish constructResultantCredentialCallback method description * incorp comments from mikewest at webappsec-credential-management/pull/100 * rebased onto master * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * polish constructResultantCredentialCallback method description * incorp comments from mikewest at webappsec-credential-management/pull/100 * fix indents make BS happy, add some periods * fix code tags placement * correct bugs in prior merge conflict resolution, doh * rm 'the bytes of' * add missing @@EDITOR-ANCHOR-01A * auto-number some steps * re- fix #466 (due to merge-from-master), fix #536 * eliminate callback and just return an algorithm from #createCredential * continue fix conflicts from merge from master * fix a couple of issue #466 stragglers in #op-make-cred * revert to prior AuthenticationExtensions language per jyasskin * add inline spec issue pointing to issue #657 * minor cleanups, remove issue wrt not explicitly returning |credentialCreationData| * fix annoying bikeshed warning wrt 'rpEntity' * correctly fix warning as well as other incorrect markup by =JeffH https://github.com/w3c/webauthn/commit/f1f54951d5e5bffc54bbaf971ef72f091c9cde74 * clarified the ECDAA signing procedure. Close #591 (#641) * clarified the ECDAA signing procedure. Close #591 * fix indent error * fix line-indentation make BS happy by Rolf Lindemann https://github.com/w3c/webauthn/commit/01aa320dfad02e768dbfdb2071191cce3e6e18d8 * Fix #574 - Change language for Create and Get to support hotplugging This is an incomplete fix; a full fix is intended to be handled in Issue #613. This reorders the Create and Get operations to indicate that the algorithms for interacting with devices should be applied as devices are hotplugged / arrive. It does not specify what happens when devices are removed, nor does it use precise language. I'm not sure what language would be appropriate in this world, so this patch is just to make things "better" not "correct". Resolve @equalsJeffH's comments: 1. Define |lifetimeTimer| and make it available to the line that starts the hotplugging 2. Use the |lifetimeTimer| for references later in those algorithms to reduce confusion 3. Reword the Notes 4. Change the Notes to Issues by J.C. Jones https://github.com/w3c/webauthn/commit/6e0716f1f38c7a89b4bc8d1539d215e43b6a6bf0 * Address @AngeloKai's comments by J.C. Jones https://github.com/w3c/webauthn/commit/7bc3a3e7bb24fbb9c3def88ffd956f47a78226c0 * Address @AngeloKai's comments about lifetimeTimer by J.C. Jones https://github.com/w3c/webauthn/commit/df88d55d3c4d6133c744eaa4cab25a59571ecb84 * Last minute nitfixes by J.C. Jones https://github.com/w3c/webauthn/commit/83da7ff458cff646e9f8773a90a8f767b9c3f36d * Merge pull request #655 from jcjones/574-hotplugging Fix #574 - Change language for Create and Get to support hotplugging by J.C. Jones https://github.com/w3c/webauthn/commit/579f6cfe6247606ca7e1ffb455ad9964a4ee9c80 * Change |rpId| to rpEntity.id by Johan Verrept https://github.com/w3c/webauthn/commit/be4c139c8bdf0bc1fab835d63194fcf8b527b814 * Fix #560: ensure #registering-a-new-credential step 10 and the inputs to all attStmt types' verification procedures match (#639) * Fix #560 * Address review comments * Link [=authenticator data=] in <dfn>auth...data claimed...attestation</dfn> * Define attestation trust path by Emil Lundberg https://github.com/w3c/webauthn/commit/e9a9c33d30505f9ab9860a3f292cd1283fb97f80 * Fix getAssertion too. by Johan Verrept https://github.com/w3c/webauthn/commit/4794adbb4ad20e4c0543ad7fb203149c0ce5fda9 * In this case it is |rpId| by Johan Verrept https://github.com/w3c/webauthn/commit/a242e6a93c6874741385db1943c5e5cef82a9264 * fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from? by JeffH https://github.com/w3c/webauthn/commit/5c8dc4923ec502bc43bc3fff4f47070e1d5c26d9 * grammar fix by JeffH https://github.com/w3c/webauthn/commit/5ea8a285b1af248c275a3dd0d471469fbfe32571 * Merge pull request #662 from w3c/jeffh-fixup-algs-contd-5 fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from? by J.C. Jones https://github.com/w3c/webauthn/commit/bcb5c110968ae4d3c410a62440b254bf161fd121 * Improved language. by Johan Verrept https://github.com/w3c/webauthn/commit/af041112f1644967731fc340c0ac1bee74e2cea9 * Fix up makeCredential with the same fixes. Also added a reference to the list item back in the correct place. by Johan Verrept https://github.com/w3c/webauthn/commit/558c01377e5e1cc386fa9cf4c335af528ff7bc04 * Update index.bs by Johan Verrept https://github.com/w3c/webauthn/commit/e051327afd111b69bfd741942b24a139efbe7ebe * Fix indent. by Johan Verrept https://github.com/w3c/webauthn/commit/6e5f27fb19aebd99583c77c8f4ceb70b8bba54ff * Define Public Key Credential Source and Credential ID. (#620) This also redefines "Public Key Credential" to cover private keys, public keys, and assertions, as a willful violation of RFC4949. Credential ID is defined to explicitly include the possibility that it's the encrypted Credential Source. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/c647b7099dfc78dcab15998783971efa1ea67987 * Sensible limits for RP and User Entity fields. (#667) by Akshay Kumar https://github.com/w3c/webauthn/commit/0418f3eeb054b57bc541bbf57f689959ae154cd3 * Make PublicKeyCredentialEntity hierarchy required members required in IDL This resolves #587. Summary: - Make member `PublicKeyCredentialEntity.name` required - Make member `PublicKeyCredentialUserEntity.id` required - Make member `PublicKeyCredentialUserEntity.displayName` required - Remove algorithm step from _§5.1.3 Create a new credential_ that instructed to throw an exception if any of the above members were missing by Emil Lundberg https://github.com/w3c/webauthn/commit/9f5df060fc78da739e408e4aff2e7edd165e6fe3 * Merge pull request #651 from jovasco/patch-1 Only exclude CredIDs matching the RPID by J.C. Jones https://github.com/w3c/webauthn/commit/625bd7acf014bb1664d2b8852883d83dba96b944 * Merge pull request #669 from w3c/issue-587 Fix #587: Make PublicKeyCredentialEntity members required in IDL by J.C. Jones https://github.com/w3c/webauthn/commit/7153b55e8cd8e1bad5b5f57ee1eb7da158695361 * Make create() and get() abortable (#544) * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * do not call authenticatorMakeCredential() with separate |rpId| fixes #466 * credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472 * fixup global object reference per domenic, improves #472 * indent 4.1.4 step 18et al to clarify relation to prior step * fix line indent * post rebase-on-master, fix dangling MakeCredentialOptions * fix error in resolving rebase conflicts * further rebase conflict resolution error fixups * convert switch steps to colon-denotation * tag 'while' * primary changes for improving #472 mostly complete * further issue #472 cleanups * del 'cancel the timer' from #creatCredential fixes #535 * polish constructResultantCredentialCallback method description * marked authenticator model section as non-normative * marked relying party operation section as non-normative * fix proper subset tweak * Added abort signal object and steps to webauthn * fixed a minor issue with linking * add minor edits to focus on the main things * getting the blank line correct * Added a example section to explain how abort should be used * fix up example * committing before computer dies * updated grammars of the example based on feedback * update example text * Updated with the section on switching tab; complete the PR * minor tweak * finished polishing the spec * whoops one leftover * finally figured out how to remove last two linking errors * take out abortsignal from extension; edit promise rejection by Angelo Liao https://github.com/w3c/webauthn/commit/931b46eece69f5d780ce4b317e3a377a3a67f85c * fix #254: credman alignment: update #getAssertion section a la PR #498 (#665) * actually improve #254, and fix #661 * DiscoFrmExtSource(options) -> (origin, options) * make [[DiscoFrmExtSource]]'s exposition match [[Create]]'s * deal with yet another fix #254 straggler in [[Create]] * get rid of |global| in [[DiscoFrmExtSource]] * remove 'in parallel' and 'global' stuff from #discover-from-external-source alg * work on #discover-from-external-source alg to improve #254 * finish (one hopes) work on #discover-from-external-source alg to fix #254 * minor editorial * repair #createCredential intro parag, improves issue #671 * complete fix #671 by =JeffH https://github.com/w3c/webauthn/commit/d468a75b6a723867d24add0bd01bd7225acbcdbf * Modify SafetyNet descriptive text (#643) * Update index.bs Biometric Selection Criteria extension * Update index.bs * Update index.bs * Update index.bs * Update index.bs by gmandyam https://github.com/w3c/webauthn/commit/0e93926d7c77afd07e75002880f15b53e5137bf2 * replaced authenticatio key by credential private key. Close #590 by rlin1 https://github.com/w3c/webauthn/commit/63564a4ff5261dcd7f1e2e626ce81b7b96ebeb2f * use the registered ext ids in examples by rlin1 https://github.com/w3c/webauthn/commit/40875f1e798bac1cd7f6393c16da39d671e32ebb * Merge pull request #676 from w3c/fix-590 replaced authentication key by credential private key. Close #590 by J.C. Jones https://github.com/w3c/webauthn/commit/cffd22fddf9aec528e30a03548b55146bac13efd * Updated authnr def (#678) * updated the definition of authenticator * updated according to comment by Rolf Lindemann https://github.com/w3c/webauthn/commit/1194ce5b3204240561e0e075342d3ea303c40d4c * Clarify semantics of isPlatformAuthenticatorAvailable This closes #627. by balfanz https://github.com/w3c/webauthn/commit/474d0254a0d1db20d77da89b10a5c124148b75d3 * changing name of method changing name of method to isUserVerifyingPlatformAuthenticatorAvailable by balfanz https://github.com/w3c/webauthn/commit/25a35a9229825dec100e9e65dcf3647c24d6001c * adding references Added references to the definition of user verification. by balfanz https://github.com/w3c/webauthn/commit/1dd484021d437d9046b1b65e90c8b0880a5f6606 * Merge pull request #680 from w3c/balfanz-patch-5 Clarify semantics of isPlatformAuthenticatorAvailable by balfanz https://github.com/w3c/webauthn/commit/66c2ec950171b2d47d32ca5025d681e710f6e139 * Fix attestation types supported for each format by J.C. Jones https://github.com/w3c/webauthn/commit/5f4f3e64ae77843d50f85b2f5b632a47f0088c00 * Merge pull request #677 from w3c/consistent-extension-ids-588 use the registered ext ids in examples by J.C. Jones https://github.com/w3c/webauthn/commit/52f3d9ed3c63746728b3c73b72ab7f9899253fbe * Fix uvm 368 (#675) * fix copy and paste error * improve wording by Rolf Lindemann https://github.com/w3c/webauthn/commit/31ddb22449a62bcb05b901234fb29a80281953a6 * Adding a type field to CollectedClientData by balfanz https://github.com/w3c/webauthn/commit/fa787d0238cb97a1535219b2a77d5361f116522d * adding RP processing rules. by balfanz https://github.com/w3c/webauthn/commit/fda86222f8fb5b2f879bbdb2b9f093299dd42241 * Added explanation... ...as to what this new field is for. by balfanz https://github.com/w3c/webauthn/commit/59683f65dbd7c89234d858d6eef5d598f76e9c23 * Merge pull request #682 from w3c/balfanz-patch-5 Adding a type field to CollectedClientData by balfanz https://github.com/w3c/webauthn/commit/cd591289dfaa8bde2ef729321c5fe9ae943cdc2a * Nit: "set" -> "pair" by Emil Lundberg https://github.com/w3c/webauthn/commit/641eed3514e210e2ead67a26c6ed3ef259f5383f * Merge pull request #684 from emlun/nit0 Tiny nit: "pair of cryptographic keys" instead of "set of cryptographic keys" by J.C. Jones https://github.com/w3c/webauthn/commit/e09e0c3d05803018eb6f8841a16a9e436433d3cc * Merge branch 'master' into balfanz-patch-4 by balfanz https://github.com/w3c/webauthn/commit/31728d316647d93fe26922115a41e982be5abb1d
Received on Saturday, 11 November 2017 23:27:54 UTC