W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

[webauthn] new commits pushed by rlin1

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Oct 2017 17:50:55 +0000
To: public-webauthn@w3.org
Message-ID: <push-6062acb510d4cfe1e3045a04bc100e95f95b27fa-1507744240-sysbot+gh@w3.org>

The following commits were just pushed by rlin1 to https://github.com/w3c/webauthn:

* Plumb User ID through

We need to plumb the custom user id that the RP gave the authenticator during MakeCredential back through to the RP when doing getAssertion.
  by christiaanbrand
https://github.com/w3c/webauthn/commit/ac89087f42ac3875f5dde3d581c1c85bc830609c

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/3e0d2915aab90bccbd7d8ae89aa484db4fb712e8

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/c96b64bee7bbd918317d5a6b3865fc8f10f280d4

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/f6499b2a7f85b2f2d3a14efda265f2fb75f94bf0

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/0ce6b12b54d40a34c1ea535d2c59555677921b18

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/92f4b3218a8aa711e39a4385e87d48c3bf25618c

* Remove user agent getting user consent sentence (#553)

Closes #552
  by Alexei Czeskis
https://github.com/w3c/webauthn/commit/eb401b78e218af43715e426ea1825fc14966113d

* using descriptive names for authenticator selection criteria (#555)

Since we don't directly send the values of the AuthenticatorSelectionCriteria dictionary keys over the wire, it's ok to leave these values in a human-readable form.
  by balfanz
https://github.com/w3c/webauthn/commit/dcf793928221b1883f4c9ac4dd5264b570606e52

* Update index.bs
  by Alexei Czeskis
https://github.com/w3c/webauthn/commit/5e2f228d76005a767f2c4e94f1af6b8c2c7d717d

* Fix Android attestation (#546)

* Fix Android attestation

Android attestation had a circular dependency on the public key: The authenticatorData has a public key that was originally intended to be stuck in the ChallengeData for generating a new keypair. When calling this function the public key isn't available to us yet. We have made a change to bring this in line with other attestation formats (ie. packed attestation).

* Update index.bs

* Update index.bs
  by christiaanbrand
https://github.com/w3c/webauthn/commit/db1be8059b02cb8981fbe0229f6d1eebaedb9505

* Update index.bs
  by Alexei Czeskis
https://github.com/w3c/webauthn/commit/25dfc77228d74440711ff36ff72b81ba77e40669

* Update index.bs
  by Alexei Czeskis
https://github.com/w3c/webauthn/commit/f6f85172b064d72ca036fede2ff67188ac888a76

* Clarify Safetynet attestation return value

Clarify the encoding of SafetyNet attestation as a UTF8 encoded string. Closes #563
  by christiaanbrand
https://github.com/w3c/webauthn/commit/6e45cc14c885fa3196519484ee6a08a419a31576

* Clarifying signing procedure for U2F attestation

This closes #530
  by balfanz
https://github.com/w3c/webauthn/commit/5502d42d31d1aa5b6bc79f686cfecf0c6dbf04f5

* Address security and privacy issues witht the iconURL (#545)

* fix proper subset tweak

* added a priori constraint on iconURL per credman spec

* reference the CR version of Mixed Content instead of editors draft
  by Angelo Liao
https://github.com/w3c/webauthn/commit/f37cfc5dfd074832ab61ed299d1ee7d2a6f5c724

* Clarify excludeCredentialDescriptorList (#573)

Add more clarity around the use of excludeCredentialDescriptorList. Closes #567.
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/67e922c011aeb2668fd7adfaf75d7f3b7a28cb6c

* Fix reference to UTF8
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/ee912eeef7cccfb95197938253c956619bb3a8ca

* Fix #577 - CDDL for attStmtTemplate is ambiguous

There are multiple definitions of `attStmtType`; the template defines it
to be `bytes`, while each concrete instance of the template defines it
as a map. This clarifies that it is always a map, since the ".within" control
operator for CDDL defines that the socket `$$attStmtType` to be the superset of
`attStmtTemplate`. [1]

[1] https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#section-3.8.5
  by J.C. Jones
https://github.com/w3c/webauthn/commit/3e86e705a5ad41f163df76649370e13c5045fb73

* Fix syntax errors in JavaScript examples.
  by James Barclay
https://github.com/w3c/webauthn/commit/4aa72b65ac0a05e8e21ed64d34249a3eae916eed

* Clean up COSEAlgorithmIdentifier loose ends (#580)

Clean up COSEAlgorithmIdentifier loose ends
  by Mike Jones
https://github.com/w3c/webauthn/commit/2ec526743c1fe42ea602fa31d47eed9800a0daf9

* Make user.id a byte array (#586)

Make user.id a byte array
  by Mike Jones
https://github.com/w3c/webauthn/commit/26552c41d086f46be877018dc2c8b059178ccaec

* Corrected inaccuracy in authenticator extension processing description
  by Mike Jones
https://github.com/w3c/webauthn/commit/0141d97cd79d1bf869b47eb72d4552b729a0ec5c

* Merge pull request #571 from w3c/balfanz-patch-2

Clarifying signing procedure for U2F attestation
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/96b9a982b235144816abaaa6517d364eef8dd824

* Merge pull request #572 from christiaanbrand/patch-4

Clarify Safetynet attestation return value
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/6589a1013cd776da57d704eb8508fcd53fa6cc88

* Merge pull request #595 from futureimperfect/master

Fix syntax errors in JavaScript examples.
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/d96d7668a53bfc463968bedc9d9b95cd64add262

* Merge pull request #596 from selfissued/mbj-extension-description-tweak

Corrected inaccuracy in authenticator extension processing description
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/3ee8ed586c2ce62f7a4180cb9dcf0d8d8e5f87cc

* Change user id to user handle
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/e63537fcc62af6f0f9768d0e992bf0627b8f6f7b

* Add Vagrantfile for a VM with bikeshed installed
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/17539f571cff60af8bbe236f958aa023d917fd45

* Merge pull request #558 from christiaanbrand/patch-2

Plumb User ID through
  by Christiaan Brand
https://github.com/w3c/webauthn/commit/23b91fbb455dd3cc84e071c0dab50a3570beea79

* Merge branch 'master' into sign-counter-alg-507
  by rlin1
https://github.com/w3c/webauthn/commit/1f0d783dbc9c459098d50da551c4cfbf5ff8d02b

* Updates per jyasskin review, referencing CDDL 3.5.1

https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#page-18
  by J.C. Jones
https://github.com/w3c/webauthn/commit/5630b47a7d08b291607ed1c4215afea4c0091fed

* Merge pull request #581 from jcjones/577-cddl_attStmt_type

Fix #577 - CDDL for attStmtTemplate is ambiguous
  by J.C. Jones
https://github.com/w3c/webauthn/commit/0cae38154c59cf4760e7dfed00f2c44e298f8c9f

* Number the steps in the authenticator operations.
  by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/089c10e16bdcda0bd75db1d7f1d6a2be21304e08

* Merge pull request #612 from emlun/vagrant-bikeshed

Tools: Add Vagrantfile for a VM with bikeshed installed
  by J.C. Jones
https://github.com/w3c/webauthn/commit/670ecb37e810efaa527f2068685315e32204912b

* Fix #609: Formally define User Handle (#616)

- Formally define User Handle
- Rename "user id" and similar terms to "user handle" everywhere
- Change name and type of `AuthenticatorAssertionResponse` field `DOMString userId` to `ArrayBuffer userHandle`
- `PublicKeyCredentialUserEntity.id` is not renamed, but it is now referred to as the "user handle"

This does not:

- Formally define the term "user account".
- Improve the privacy considerations around returning `userHandle`, as suggested in #578.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e74d8c4da2813559086fa32a28bdc6c576d54c1f

* Rewrite Generating an Attestation Object as an algorithm. (#600)

This replaces the "first generate the authenticator data" step with an input
because that's how it's called.
  by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/8b23fb85f33c03e0420fb8182d9d774012546fd9

* resolved auto-merge conflicts
  by rlin1
https://github.com/w3c/webauthn/commit/6062acb510d4cfe1e3045a04bc100e95f95b27fa
Received on Wednesday, 11 October 2017 17:50:54 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC