- From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Oct 2017 17:50:55 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by rlin1 to https://github.com/w3c/webauthn: * Plumb User ID through We need to plumb the custom user id that the RP gave the authenticator during MakeCredential back through to the RP when doing getAssertion. by christiaanbrand https://github.com/w3c/webauthn/commit/ac89087f42ac3875f5dde3d581c1c85bc830609c * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/3e0d2915aab90bccbd7d8ae89aa484db4fb712e8 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/c96b64bee7bbd918317d5a6b3865fc8f10f280d4 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/f6499b2a7f85b2f2d3a14efda265f2fb75f94bf0 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/0ce6b12b54d40a34c1ea535d2c59555677921b18 * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/92f4b3218a8aa711e39a4385e87d48c3bf25618c * Remove user agent getting user consent sentence (#553) Closes #552 by Alexei Czeskis https://github.com/w3c/webauthn/commit/eb401b78e218af43715e426ea1825fc14966113d * using descriptive names for authenticator selection criteria (#555) Since we don't directly send the values of the AuthenticatorSelectionCriteria dictionary keys over the wire, it's ok to leave these values in a human-readable form. by balfanz https://github.com/w3c/webauthn/commit/dcf793928221b1883f4c9ac4dd5264b570606e52 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/5e2f228d76005a767f2c4e94f1af6b8c2c7d717d * Fix Android attestation (#546) * Fix Android attestation Android attestation had a circular dependency on the public key: The authenticatorData has a public key that was originally intended to be stuck in the ChallengeData for generating a new keypair. When calling this function the public key isn't available to us yet. We have made a change to bring this in line with other attestation formats (ie. packed attestation). * Update index.bs * Update index.bs by christiaanbrand https://github.com/w3c/webauthn/commit/db1be8059b02cb8981fbe0229f6d1eebaedb9505 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/25dfc77228d74440711ff36ff72b81ba77e40669 * Update index.bs by Alexei Czeskis https://github.com/w3c/webauthn/commit/f6f85172b064d72ca036fede2ff67188ac888a76 * Clarify Safetynet attestation return value Clarify the encoding of SafetyNet attestation as a UTF8 encoded string. Closes #563 by christiaanbrand https://github.com/w3c/webauthn/commit/6e45cc14c885fa3196519484ee6a08a419a31576 * Clarifying signing procedure for U2F attestation This closes #530 by balfanz https://github.com/w3c/webauthn/commit/5502d42d31d1aa5b6bc79f686cfecf0c6dbf04f5 * Address security and privacy issues witht the iconURL (#545) * fix proper subset tweak * added a priori constraint on iconURL per credman spec * reference the CR version of Mixed Content instead of editors draft by Angelo Liao https://github.com/w3c/webauthn/commit/f37cfc5dfd074832ab61ed299d1ee7d2a6f5c724 * Clarify excludeCredentialDescriptorList (#573) Add more clarity around the use of excludeCredentialDescriptorList. Closes #567. by Christiaan Brand https://github.com/w3c/webauthn/commit/67e922c011aeb2668fd7adfaf75d7f3b7a28cb6c * Fix reference to UTF8 by Christiaan Brand https://github.com/w3c/webauthn/commit/ee912eeef7cccfb95197938253c956619bb3a8ca * Fix #577 - CDDL for attStmtTemplate is ambiguous There are multiple definitions of `attStmtType`; the template defines it to be `bytes`, while each concrete instance of the template defines it as a map. This clarifies that it is always a map, since the ".within" control operator for CDDL defines that the socket `$$attStmtType` to be the superset of `attStmtTemplate`. [1] [1] https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#section-3.8.5 by J.C. Jones https://github.com/w3c/webauthn/commit/3e86e705a5ad41f163df76649370e13c5045fb73 * Fix syntax errors in JavaScript examples. by James Barclay https://github.com/w3c/webauthn/commit/4aa72b65ac0a05e8e21ed64d34249a3eae916eed * Clean up COSEAlgorithmIdentifier loose ends (#580) Clean up COSEAlgorithmIdentifier loose ends by Mike Jones https://github.com/w3c/webauthn/commit/2ec526743c1fe42ea602fa31d47eed9800a0daf9 * Make user.id a byte array (#586) Make user.id a byte array by Mike Jones https://github.com/w3c/webauthn/commit/26552c41d086f46be877018dc2c8b059178ccaec * Corrected inaccuracy in authenticator extension processing description by Mike Jones https://github.com/w3c/webauthn/commit/0141d97cd79d1bf869b47eb72d4552b729a0ec5c * Merge pull request #571 from w3c/balfanz-patch-2 Clarifying signing procedure for U2F attestation by Christiaan Brand https://github.com/w3c/webauthn/commit/96b9a982b235144816abaaa6517d364eef8dd824 * Merge pull request #572 from christiaanbrand/patch-4 Clarify Safetynet attestation return value by Christiaan Brand https://github.com/w3c/webauthn/commit/6589a1013cd776da57d704eb8508fcd53fa6cc88 * Merge pull request #595 from futureimperfect/master Fix syntax errors in JavaScript examples. by Christiaan Brand https://github.com/w3c/webauthn/commit/d96d7668a53bfc463968bedc9d9b95cd64add262 * Merge pull request #596 from selfissued/mbj-extension-description-tweak Corrected inaccuracy in authenticator extension processing description by Christiaan Brand https://github.com/w3c/webauthn/commit/3ee8ed586c2ce62f7a4180cb9dcf0d8d8e5f87cc * Change user id to user handle by Christiaan Brand https://github.com/w3c/webauthn/commit/e63537fcc62af6f0f9768d0e992bf0627b8f6f7b * Add Vagrantfile for a VM with bikeshed installed by Emil Lundberg https://github.com/w3c/webauthn/commit/17539f571cff60af8bbe236f958aa023d917fd45 * Merge pull request #558 from christiaanbrand/patch-2 Plumb User ID through by Christiaan Brand https://github.com/w3c/webauthn/commit/23b91fbb455dd3cc84e071c0dab50a3570beea79 * Merge branch 'master' into sign-counter-alg-507 by rlin1 https://github.com/w3c/webauthn/commit/1f0d783dbc9c459098d50da551c4cfbf5ff8d02b * Updates per jyasskin review, referencing CDDL 3.5.1 https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#page-18 by J.C. Jones https://github.com/w3c/webauthn/commit/5630b47a7d08b291607ed1c4215afea4c0091fed * Merge pull request #581 from jcjones/577-cddl_attStmt_type Fix #577 - CDDL for attStmtTemplate is ambiguous by J.C. Jones https://github.com/w3c/webauthn/commit/0cae38154c59cf4760e7dfed00f2c44e298f8c9f * Number the steps in the authenticator operations. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/089c10e16bdcda0bd75db1d7f1d6a2be21304e08 * Merge pull request #612 from emlun/vagrant-bikeshed Tools: Add Vagrantfile for a VM with bikeshed installed by J.C. Jones https://github.com/w3c/webauthn/commit/670ecb37e810efaa527f2068685315e32204912b * Fix #609: Formally define User Handle (#616) - Formally define User Handle - Rename "user id" and similar terms to "user handle" everywhere - Change name and type of `AuthenticatorAssertionResponse` field `DOMString userId` to `ArrayBuffer userHandle` - `PublicKeyCredentialUserEntity.id` is not renamed, but it is now referred to as the "user handle" This does not: - Formally define the term "user account". - Improve the privacy considerations around returning `userHandle`, as suggested in #578. by Emil Lundberg https://github.com/w3c/webauthn/commit/e74d8c4da2813559086fa32a28bdc6c576d54c1f * Rewrite Generating an Attestation Object as an algorithm. (#600) This replaces the "first generate the authenticator data" step with an input because that's how it's called. by Jeffrey Yasskin https://github.com/w3c/webauthn/commit/8b23fb85f33c03e0420fb8182d9d774012546fd9 * resolved auto-merge conflicts by rlin1 https://github.com/w3c/webauthn/commit/6062acb510d4cfe1e3045a04bc100e95f95b27fa
Received on Wednesday, 11 October 2017 17:50:54 UTC