- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 28 Aug 2018 17:27:50 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn:
* Renamed timeoutSeconds to timeoutMilliseconds as specified in issue 299
by AngeloKai
https://github.com/w3c/webauthn/commit/6f2f11af01901fcbced7bc597fb47ec3ce06f706
* Sync with W3C master
by AngeloKai
https://github.com/w3c/webauthn/commit/0338bee04f119f2c0d44ead209549820ed9813a1
* keep consistent idl format
by AngeloKai
https://github.com/w3c/webauthn/commit/ad4ace23bffd174102bff6f2300cea93389e3029
* Merge branch 'master' into angelo-timeout
by AngeloKai
https://github.com/w3c/webauthn/commit/b20d7841dc07b4855d496ae204d00d7ebf6aebd5
* Change timeoutMillisecond to timeout
by AngeloKai
https://github.com/w3c/webauthn/commit/8c4d907f95a3cea43ca451cc9c95bb5a87184f59
* Fixed sample code due to changes to timeout
by AngeloKai
https://github.com/w3c/webauthn/commit/8d842cc7fca8a5e97fca9594ce32ba2d12431838
* Merge recent update to the sample code section
by AngeloKai
https://github.com/w3c/webauthn/commit/186b3d9031c65a0f446e46cce3d420f789975365
* Merged changes from master
by AngeloKai
https://github.com/w3c/webauthn/commit/1414c2fd59ed83097405cdb3ee5e28ac6773dd3a
* Add the member of back to the language in describing timeout
by AngeloKai
https://github.com/w3c/webauthn/commit/d34178d0cff1b6b920ef185fe89ef71f737045cc
* add verification gesture parameter to makeC and getA
by AngeloKai
https://github.com/w3c/webauthn/commit/345b8dcad1e12001be634afbe5b365e26d59d63e
* Ensure the order of parameters are consistent throughout the spec
by AngeloKai
https://github.com/w3c/webauthn/commit/bb4ad64b3394f2c3f3e3fb481955e32f96bf1c2d
* fixed minor merge issue
by AngeloKai
https://github.com/w3c/webauthn/commit/485c430596ea9910f70ae9f2cdc02e08b176cdb3
* Remove a bunch of unnecessary dfns and anchors.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/0ac1661801e6ca45763fae229aa8419f1bc24afb
* Fix up links to HTML, WebCrypto, and Infra.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/4d69ff60d734fd51ef2cbae52e9b458566f7ba77
* Link DOMException names.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/e97c8927e82395008b1a79add22654b7a708345c
* Remove a <div> with no attributes.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/aa6b013390daafc4c8a487273bea5c1ce1fab127
* updated the reference to FIDO ECDAA
by rlin1
https://github.com/w3c/webauthn/commit/b65aea51738164e604f4100f40e5320f8a0e4d0a
* Merge pull request #356 from w3c/updated-ecdaa-ref
updated the reference to FIDO ECDAA
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/cc73187dcd84cc70cbbcc095665277f70bdf1b82
* Merge pull request #336 from jyasskin/fix-refs
Fix up several linking mistakes. merging per discussion on webauthn call today.
by =JeffH
https://github.com/w3c/webauthn/commit/0c1a498ecf69e1b0431c2c674020aba2c4c709a5
* Bug #256 - Change "relaxing" of RP to the HTML "registrable suffix" algorithm
- Rebased on top of PR 336's linking changes
- Updates from review by jyasskin and equalsJeffH
- Catches a couple extra un-linked DOMExceptions
- Refers to the new "is a registrable domain suffix of or is equal to" algorithm
in WHATWG HTML [1]
- Note, there is still a linking error after a bikeshed update, but I'm
guessing that change is so new that's not in the bikeshed metadata yet, so
I'm going to leave it for now and hope it fixes itself.
[1] https://html.spec.whatwg.org/multipage/browsers.html#is-a-registrable-domain-suffix-of-or-is-equal-to
by J.C. Jones
https://github.com/w3c/webauthn/commit/f63a368a9059fba761cdef0565bb99b7a94255e8
* Use a numbered list for the second level, per jyasskin
by J.C. Jones
https://github.com/w3c/webauthn/commit/6160b5b3edf3b13cc9e4c3336614d6ea1515a165
* Update bikeshed spec-data to include the new algorithm references
by J.C. Jones
https://github.com/w3c/webauthn/commit/a251aa534727af98fbfeae523d218b43a88c19f4
* Merge pull request #319 from jcjones/256-fix_reference_to_relax_algorithm
Bug #256 - Clarify call of the "Relaxing the Same-Origin Restriction" algorithm
by J.C. Jones
https://github.com/w3c/webauthn/commit/22a559f8db50f5d3854bc358c2590834298d436a
* Make makeCredential() more precise. (#347)
* Make makeCredential() more precise.
I've linked a lot more terms, reordered explanations to be clearer, and
specified some missing behavior.
This fixes #273 and improves #270.
* Treat rpId as an origin.
* Go parallel later in makeCredential().
This fixes #263 and fixes half of #254.
* Fix #265.
* Fix #266.
* Fix annevk's and equalsJeffH's comments.
* Refer to #362.
* Improve processing of unsupported extensions.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/546f82fccf9d676c49a0af109a7f11c563b09ae0
* Make hashAlg a "recognized algorithm name". (#352)
* Make `hashAlg` a recognized algorithm name for a digest algorithm.
This drops the use of "S256", etc.
* Remove the IANA section for S256, etc.
This didn't really fit anyway since SHA-256, etc are digests not "Cryptographic
Algorithms for Digital Signatures and MACs".
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/c42a822a357c1697c999d930106ed666f78261c5
* refine user verification and authz gesture definitions, add Test of User Presence (#365)
* refine user verif and authz gesture, fixes #357, improves #358
* further polish #357
* fix build: add comma to refs
* improve ceremony dfn, add Angelo to ACKs
* refine user verification dfn
* fix build by adding the proverbial missing comma...
* polish 'user consent' dfn per jcjones comment
by =JeffH
https://github.com/w3c/webauthn/commit/7ccb88203be7b7d521d9fe000ceb4e61cf980a0c
* Refine makeCredential description (#369)
* Refine makeCredential description
As per my comments on #347
* Incorporate feedback from JeffH, part 1
* Incorporate feedback from JeffH, part 2
Use "client data" and "authenticator data" instead of "ClientData" and
"authenticatorData".
* Incorporate feedback from JeffH, part 3
Tag all instances of "client data", "authenticator data" and
"attestation data".
by Vijay Bharadwaj
https://github.com/w3c/webauthn/commit/aee0c081ff073637a67070cb4463877601181aba
* Jeffh canonicalize markup (#370)
* Refine makeCredential description
As per my comments on #347
* Incorporate feedback from JeffH, part 1
* [=scoped credential(s)=]
* [=authenticator=]
* [=[RP]=]
* [=Conforming User Agent=]
* [=[RPS]=]
* [=authenticators=]
* [=Web Authentication API=]
* [=Registration=]
* [=Authentication=]
* {{makeCredential()}} and {{getAssertion()}}
* [=User Verification=]
* [=Authentication Assertion=]
* [=authorization gesture=]
* [=user consent=]
* '<a>...</a>' to be '[=...=]' thru terminology section
* Incorporate feedback from JeffH, part 2
Use "client data" and "authenticator data" instead of "ClientData" and
"authenticatorData".
* Incorporate feedback from JeffH, part 3
Tag all instances of "client data", "authenticator data" and
"attestation data".
* [=present=]
* [=attestation object=]
* [=effective domain=]
* <a>...</a> replacement up to {#iface-credentialInfo}
* <a>...</a> replacement up to {#attestation-formats}
* <a>...</a> replacement thru rest of spec
* refined regex and caught <a>...</a> stragglers
* Fix two typos and some locally anomalous line lengths
Typos - weird character in "Subsequently" on line 84, "user
verification" missing on line 104 (old) / 102 (new).
by =JeffH
https://github.com/w3c/webauthn/commit/7bac171a7380ca2ce7fcd6deafb0fc28cc411174
* Fix broken TPM links
by Vijay Bharadwaj
https://github.com/w3c/webauthn/commit/4edcb919532767ff95dd671baa1cb353ea6ca82c
* fixup getAssertion, polish algorithms (#371)
* make getAssertion() more precise a la makeCredential
* fixes per vijaybh's review.
* 'was specd'=>'present/not present' fixes #251. + markup canonicalization fixups
* fixes some of the prior 'fixes' (haste made waste)
* fixes #267 wrt (not) empty lists
* fix #271
* fix another 'empty' thing
* update acks
* attempt resolution of #277
* fix getA() cutnpaste: ScopedCredentialOptions => AssertionOptions
* attempts improvement of #280
* cleanup fixes for #254 and #271
* fixing relevant origin bugs, thx vijaybh!
* polish token binding occurances
* apply global and task src to getA() fixes #277
by =JeffH
https://github.com/w3c/webauthn/commit/985f88e1effa1662117d88fd0f9f6eb09a4512c5
* replaced DAA root key by daaKeyId. Added proper references
by rlin1
https://github.com/w3c/webauthn/commit/0154cba00c7db5a6d8c9fa895a7f52bc7918890d
* fix typo. See #233
by rlin1
https://github.com/w3c/webauthn/commit/9d8ac42c62238e08a48e16d62c773858b628ecb7
* Tiny typo in 'ScopedCredentialDesciptor'.
by Mike West
https://github.com/w3c/webauthn/commit/3b5138df0473bac2f20dc3927d3a5499884971b4
* Create a combined interface for authenticator responses.
by Mike West
https://github.com/w3c/webauthn/commit/6c38d023cb73df5a84a73432ac3d9f19dc736d7c
* Invert the relationship between ScopedCredential and AuthenticatorAssertionResponse.
by Mike West
https://github.com/w3c/webauthn/commit/6074c50f164f1d60f709d445173e3cafa48c46ed
* Change 'makeCredential' to return a 'ScopedCredential'.
by Mike West
https://github.com/w3c/webauthn/commit/524f8ac00f0c3c77b7f8606da2107b4ab4cf4e83
* Move 'makeCredential()' to 'ScopedCredential'.
by Mike West
https://github.com/w3c/webauthn/commit/146f2c0d49be7ba59f5f43578abecce2303ca683
* Shift 'ScopedCredential' to derive from 'Credential'.
by Mike West
https://github.com/w3c/webauthn/commit/ab8d74e50493fbe9e49ebb439a2d29337d63cdf1
* Rename 'ScopedCred' to 'scoped' to align with CM API types.
by Mike West
https://github.com/w3c/webauthn/commit/394babd6d06280eba1201ce378e0b14c6652ce02
* Rename 'makeCredential()' to 'create()'.
by Mike West
https://github.com/w3c/webauthn/commit/46eff1a6dd98b5c1ed0370a37d898a1f93c64bd3
* Move 'getAssertion' to 'ScopedCredential'
This is a temporary step to get rid of WebAuthentication, and pave the way
to move to 'get()' in the next patch.
by Mike West
https://github.com/w3c/webauthn/commit/d9c8b743d98b826e785b7ebfcd3699cef0490d17
* Merge the arguments to 'getAssertion()'
In order to align with CredentialsContainer::get(), merge the challenge into 'AssertionOptions'
and rename 'AssertionOptions' to 'ScopedCredentialRequestOptions'.
by Mike West
https://github.com/w3c/webauthn/commit/fdf341adfde440a6596c3ad69529a63dfc25bd4e
* Rewire 'getAssertion' to 'get()'.
This relies on some things that aren't official yet, in particular the
[[Retrieve]](options, mediation) internal method defined at
https://w3c.github.io/webappsec-credential-management/base.html#dom-credential-retrieve-slot.
But I think it all works. :)
by Mike West
https://github.com/w3c/webauthn/commit/4d1317cb35b624145fb692a6849d26609345fe5a
* Typos in examples.
by Mike West
https://github.com/w3c/webauthn/commit/245c275ae2b55a57cb193d391de02a4bba03a4da
* Typo in headers (not enough #)
by Mike West
https://github.com/w3c/webauthn/commit/21be528ea2faa19d0d164cc8b98f34eca6fdf5ea
* Tiny typo in 'ScopedCredentialDesciptor'. (#383)
by Mike West
https://github.com/w3c/webauthn/commit/480d958aadde0602703a9a01c8daa96fe200e261
* alloc ArrayBuffers in correct global, fixes #293, thx bzbarsky (#377)
by =JeffH
https://github.com/w3c/webauthn/commit/be9240a66b18b1a564118374ed96ec7f77554898
* Merge remote-tracking branch 'origin/master' into cm-api-strawman
by Mike West
https://github.com/w3c/webauthn/commit/e04c5f0dafe5c3e27366e8c86d32415fa78a91a5
* Nits from @vijaybh's review.
by Mike West
https://github.com/w3c/webauthn/commit/b1e87ca8f5feb2685dc9d47f033207e5972f86cc
* Add battre@ to the acks.
by Mike West
https://github.com/w3c/webauthn/commit/926375a7bd87bfbd1f3494e1e270767f73e51c3f
* Nits from @battre.
by Mike West
https://github.com/w3c/webauthn/commit/c48c70bc9ca6183e4e473d4c02fcc5cbd6a6562a
* merged from master
by
https://github.com/w3c/webauthn/commit/6a6eafedf2fb742e2c236c581284a8ed266713bb
* removed user verification from assertion option and authenticator operations + add TUI
by
https://github.com/w3c/webauthn/commit/bc857de020900a3fc3973a65cf67602b5c5ccafa
* replaced DAA by ECDAA since this is the only variant we use here. See #233
by rlin1
https://github.com/w3c/webauthn/commit/bed7c2d610543064e2e3e2e1b5c77415534317cd
* Comments from @jyasskin
by Mike West
https://github.com/w3c/webauthn/commit/fedccedb468282665936264105fac6ee09e577cf
* Rename Account and ClientData fixes #312 (#344)
* Renaming Account and ClientData to RelyingPartyUserInfo and CollectedClientData
* Fix typo
* Updates to match WhatWG/W3C style
by kpaulh
https://github.com/w3c/webauthn/commit/dbce688512007c2a0d52ff3cac1f2e127c14844a
* Merge pull request #381 from w3c/DAA-root-key-233
replaced DAA root key by daaKeyId. Added proper references
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/3351e05f4103836377b4d9b1411aac5b1bc263a5
* Merge remote-tracking branch 'origin/master' into cm-api-strawman
by Mike West
https://github.com/w3c/webauthn/commit/3a0ae84d055a0ee6374610a6fddcf1bfefe13013
* Typo: Fix a linking error after DAA merge. (#388)
by Mike West
https://github.com/w3c/webauthn/commit/84795c6bf1ea482488654e2eb02cb20f2852867d
* Align registries draft and WebAuthn draft and address extension issues (#386)
* Align registries draft and WebAuthn draft and address extension issues
* Correct section references in IANA Considerations section
* Incorporated feedback from Jeff Hodges
* <dfn> markup for reg & authn extension phrases & various cleanups
* Applied [=registration extension=] tag in more places
by Mike Jones
https://github.com/w3c/webauthn/commit/da9520ab40268541833f64e7436c128edb1aaa62
* add rendered -00d in .html .txt
by JeffH
https://github.com/w3c/webauthn/commit/9dac88b4378fe0d3bf4c79266325a4a90ba1f6a9
* link to webauthn editors draft, add rendered -00d in .html .txt
by JeffH
https://github.com/w3c/webauthn/commit/f25c38886f763f3cfc6307cfdde3d1c53bbb57a6
* unversion rendered -webauthn-registries files
by JeffH
https://github.com/w3c/webauthn/commit/e20767418f6671903740dd670037a78139318c18
* Merge pull request #390 from w3c/jeffh-registries-fixup
fix webauthn ref in -webauthn-registries to link to webauthn editors' draft
by Mike Jones
https://github.com/w3c/webauthn/commit/94a30ff2498b5ee8b2b0898c596e1e65a9b8a76a
* Merge remote-tracking branch 'origin/master' into cm-api-strawman
by Mike West
https://github.com/w3c/webauthn/commit/488ae317e87e1f5f3bed8d2f04abd17b4af81ecc
* Update on top of new method names.
by Mike West
https://github.com/w3c/webauthn/commit/1d84b9e3547a519c31c4a671fb44d142795a8787
* Reference CM API as a Dependency.
by Mike West
https://github.com/w3c/webauthn/commit/f49e915768636bae1d31fd5d74fe8c7cffff1b6b
* Introduce authenticator response interfaces.
This patch adds an 'AuthenticatorResponse' interface, representing the
generic attributes of responses from authenticators. It then redefines
'ScopedCredentialInfo' and 'AuthenticatorAssertion' to derive from this
interface, and renames them to 'AuthenticatorAttestionResponse' and
'AuthenticatorAssertionResponse' respectively.
These new interfaces are a drop-in replacement for the old interfaces,
no normative changes are intended in this patch, other than the
renaming.
by Mike West
https://github.com/w3c/webauthn/commit/2d10a10a195b2060a7a68ec75265a70adc26dbc4
* Move `getAssertion()`'s `challenge` into `AssertionOptions`
Passing a single dictionary parameter into `getAssertion()` provides
for greater forward compatibility, as new data can be flexibly added
to the method invocation without restructuring the existing
structure. It also helps developers understand what they're passing
in. This is less important for `getAssertion()` than it is for
`makeCredential()`, obviously, but aligning both in a similar
structure seems like a good change to make.
by Mike West
https://github.com/w3c/webauthn/commit/a9da99223c2da0bb07413af2d07b6aa36236421f
* Convert `makeCredential()`'s parameters into a dictionary.
Passing a single dictionary parameter into `makrCredential()` provides
for greater forward compatibility, as new data can be flexibly added
to the method invocation without restructuring the existing
structure. It also helps developers understand what they're passing
in, as each parameter will be labeled.
This patch restructures the data passed into `makeCredential()`
substantially, moving from four parameters to a single dictionary,
and merging some existing types into a simpler structure. Most of
it is straightforward; the only bit I know will be controversial is
dropping `RelyingPartyUserInfo` in favor of two instances of a
simpler `ScopedCredentialEntity` object: one for the RP, one for the
user.
Let's chat about how (un)reasonable this approach might be.
by Mike West
https://github.com/w3c/webauthn/commit/4fad3e51fbe89eb8fbc3ec12542cbd194339c8c2
* fixup drop 'additional'
by Mike West
https://github.com/w3c/webauthn/commit/0039a138e2d27567e7d32f0ddd203748bedb9cbb
* fixup 'additional'
by Mike West
https://github.com/w3c/webauthn/commit/6dca154104884ed814f2b0ded74a959bdf28e3ef
* fixup AssertionRequest
by Mike West
https://github.com/w3c/webauthn/commit/3a5fefb7b0603cab4c7a0bdf7476575067561462
* fixup @equalsJeffH
by Mike West
https://github.com/w3c/webauthn/commit/3cdf1bfbf3252e33354549275566be70e73e7f18
* fixup revert AssertionRequest.
by Mike West
https://github.com/w3c/webauthn/commit/4f4b79f41354f58f250a46b311d3dc1f521cacf7
* fixup merge 'AuthenticatorResponse'
by Mike West
https://github.com/w3c/webauthn/commit/705ecab29e8b6e44c698e9eb0375b394822e456e
* fixup @equalsJeffH
by Mike West
https://github.com/w3c/webauthn/commit/805891752a579d84c677f512539c34f05658cf8d
* fixup merge 'getAssertion()'
by Mike West
https://github.com/w3c/webauthn/commit/ae33b140cd808f849c9c238d3b703099bc3cd9df
* Merge pull request #397 from battre/authenticatorresponse
Introduce authenticator response interfaces.
by =JeffH
https://github.com/w3c/webauthn/commit/c8fc4c184ffd91151c725e4dd224a37c74f2d507
* Merge pull request #398 from battre/dictionary-getassertion
Move `getAssertion()`'s `challenge` into `AssertionOptions`
by =JeffH
https://github.com/w3c/webauthn/commit/c22e2ab8350c8ed2b94b9d158e2c0e56874febd3
* Merge pull request #399 from battre/dictionary-makecredential
Convert `makeCredential()`'s parameters into a dictionary.
by =JeffH
https://github.com/w3c/webauthn/commit/275a5522be02b102a895964ee996920831ce2491
* Merge commit 'c8fc4c1' into merge-with-tot
by Mike West
https://github.com/w3c/webauthn/commit/d6a5508ff86a8b13409787ed66d1b21dfc13b162
* Merge commit 'c22e2ab' into merge-with-tot
by Mike West
https://github.com/w3c/webauthn/commit/d0ef9d3145469a8e1b1a1d4a1742a598d8f1275d
* Merge commit '275a552' into merge-with-tot
by Mike West
https://github.com/w3c/webauthn/commit/76605e5259da3ba493f56f590a49db7f36c278a0
* Merge branch 'merge-with-tot' into cm-api-strawman
by Mike West
https://github.com/w3c/webauthn/commit/8887324476223d3f87fea7dabd6d9ef5d602c87d
* fixup @equalsJeffH feedback.
by Mike West
https://github.com/w3c/webauthn/commit/f967ffb97f4c297ba7a47f7d0b598b4563d3de9a
* Merge based on PR 384
by AngeloKai
https://github.com/w3c/webauthn/commit/5f41fac94ef90ba8cba2551943de86b7c5d59294
* fixup 'CredentialsContainer::create()', as of https://github.com/w3c/webappsec-credential-management/commit/59bba009b65504c4612a44fbb75031aefcd5c4d0
by Mike West
https://github.com/w3c/webauthn/commit/2335da45dc882fc4463187b5319f0edbd8a4533d
* fixup ID => Id, even though I hate it. :)
by Mike West
https://github.com/w3c/webauthn/commit/eab3551a9e675937caaa3f41919d8bdffb518516
* fixup @equalsJeffH
by Mike West
https://github.com/w3c/webauthn/commit/45e1b50ce086608d76e6ee11513f89d3e5798be5
* Remove merge conflicts
by AngeloKai
https://github.com/w3c/webauthn/commit/5e860cd2c4c028d49601847022a84c465cae7815
* fixup @equalsJeffH nits.
by Mike West
https://github.com/w3c/webauthn/commit/a042dd929fd9090e66c043f1538ac3c72c0e0768
* Merge pull request #384 from battre/cm-api-strawman
Strawman of an integration between WebAuthn and Credential Management.
by =JeffH
https://github.com/w3c/webauthn/commit/66c6224cbb287bd6cc4236c2e004dd1caf0894a0
* Merge newly merged master
by AngeloKai
https://github.com/w3c/webauthn/commit/9ba8f8ae8052ef3ff2262b28959bae3f8d21ed3f
* Changed TUI to UV
by AngeloKai
https://github.com/w3c/webauthn/commit/f607343eec407a24d74e14ecf434acf30fb215a7
* Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin (#389)
Major polishing of definition and exposition of extensions by selfissued - yay, thx! includes:
* Separated proposed changes to extension semantics from PR #386 and use TypeError, per @jyasskin
* Added client data descriptions to all extensions. Accepted suggestions by @jyasskin and @vijaybh.
* Addressed comments by @jyasskin in issue #270
* Gave distinct names to extension inputs and outputs to make descriptions more precise.
* Corrected indexing errors
* Addressed additional comments by Jeff Hodges and Jeffrey Yasskin
by Mike Jones
https://github.com/w3c/webauthn/commit/8eb7b5c7323312a2f49bab4aec04c03a87176cab
* Add a link to web-platform-tests to the top of the spec
A few other specs that have something similar:
https://fetch.spec.whatwg.org/
https://w3c.github.io/IndexedDB/
https://notifications.spec.whatwg.org/
https://w3c.github.io/ServiceWorker/
https://webaudio.github.io/web-audio-api/
https://xhr.spec.whatwg.org/
by Philip Jägenstedt
https://github.com/w3c/webauthn/commit/6692211138c6e0b225b08fc364cbd350ff545a45
* Fix issue #418 - What extension data is in AuthenticatorAssertionResponse.authenticatorData? (#421)
by Mike Jones
https://github.com/w3c/webauthn/commit/333b8aad131f7f0d437e304eecfa12b7af97c618
* Add clarifiation as Jeff requested
by AngeloKai
https://github.com/w3c/webauthn/commit/9fca565c2c0e1dd457386e182c2b78c0860d83e7
* Merge pull request #409 from AngeloKai/angelo-TUI
Add User Verification (UV) bit to authenticator data
by Angelo Liao
https://github.com/w3c/webauthn/commit/55cd330c436202a92c575d4b28db113b07a4b81a
* Correct omissions that failed to send authenticator extension inputs to the authenticators and failed to send client extension outputs to the RP
by Mike Jones
https://github.com/w3c/webauthn/commit/34e0836c0c5378c86099ea5184746638ca2731c9
* Send client extension outputs to the RP
by Mike Jones
https://github.com/w3c/webauthn/commit/73071df630d33bf5f4b2f241867ccf20d72ebe92
* Merge branch 'master' of https://github.com/w3c/webauthn into mbj-extensions-connective-tissue
by Mike Jones
https://github.com/w3c/webauthn/commit/43895e939adbc24c35319352f132c293f936db4c
* Replaced tabs with spaces
by Mike Jones
https://github.com/w3c/webauthn/commit/766d43518a89df7ebba7824f6017b054e6e8231e
* Incorporated feedback from Jeffrey Yasskin
by Mike Jones
https://github.com/w3c/webauthn/commit/ab403a8c47e08e432cff52d339ec908d28189ec4
* Fix XML syntax error
by Mike Jones
https://github.com/w3c/webauthn/commit/701e058a62dc7fc105e5744d84ed339718faa288
* Add authenticator selection dictionary
by AngeloKai
https://github.com/w3c/webauthn/commit/41c22c527fdcbaaec9247a8a9da0133b22945766
* Incorporated additional feedback from Jeffrey Yasskin
by Mike Jones
https://github.com/w3c/webauthn/commit/a7cb8f7dba6ad2c0bc967bb8cd7a7b3aa9fa1ba8
* Fix create algorithm
by AngeloKai
https://github.com/w3c/webauthn/commit/6b14897382c3d00acd3f84ddc200ed29f5589e02
* Add attachment to authenticator selection
by AngeloKai
https://github.com/w3c/webauthn/commit/8182ec5ee2b6301e1553a36429b4b2496ef970fa
* Fix more nits identified by Jeffrey Yasskin
by Mike Jones
https://github.com/w3c/webauthn/commit/ab7c1842a92a1b0b61a1a49aac53dff9273f8bd8
* Correct indentation error(!) to make the document legal Markdown
by Mike Jones
https://github.com/w3c/webauthn/commit/37d893a57000e0328f8523f8b5d3e61ba1133cc6
* Merge pull request #425 from selfissued/mbj-extensions-connective-tissue
Merging, per decision on the 26-Apr-17 call and based on the approval from @jyasskin . Thanks @jyasskin for all the work you put into this!
by Mike Jones
https://github.com/w3c/webauthn/commit/5dedfde4c1e8ea8dff382fbf958479706fb36169
* Add displayName for the user account (#423)
* Add detailedName for the user account
* Use displayName rather than detailedName
by Mike Jones
https://github.com/w3c/webauthn/commit/6d873d597fae3a595039bdfb070e2910fd56fe19
* Remove UV bit
by AngeloKai
https://github.com/w3c/webauthn/commit/a664c910277f3a10c59932b7bec3741bcc1c98a9
* fix grammar error
by AngeloKai
https://github.com/w3c/webauthn/commit/30ac4e875d440c7b0001fe0d402ca7612044c548
* fix merge conflict with master
by AngeloKai
https://github.com/w3c/webauthn/commit/3528e83bf1bb65c8e60c90b7b7e27726473dc634
* Throw NotFoundError when no authenticator is available (#350)
* throw NotFoundError when no authenticator is available
* fixed indentation issue
* Fix bikeshed errors
* updated the bug information
* Merging with PR 384
* Add NotFoundError to create and get
* Updated according to Jeff comment
* Fixes the word empty
* polish angelokai's efforts, fixes #302, also defines 'attachment modality'
* fix broken refs for 'user verified' and 'displayName'
* make user verified dfn to be a 'concept-' dfn
by Angelo Liao
https://github.com/w3c/webauthn/commit/f99d7181e7f56d371bcb506f48295b286ad4bc73
* Merge pull request #419 from foolip/link-to-tests
Add a link to web-platform-tests to the top of the spec
by Mike Jones
https://github.com/w3c/webauthn/commit/b4009d4dbc3fa47aa588b11915af23de741abd43
* Merge branch 'master' into angelo-secondAuthnrSelect
by Angelo Liao
https://github.com/w3c/webauthn/commit/a0df2425a171ac899e5aca88f15d82288c83f921
* Merge pull request #431 from AngeloKai/angelo-removeUV
Remove UV bit from authenticatorData
by Angelo Liao
https://github.com/w3c/webauthn/commit/ebc034cfde228891eaab335c6d27e51fdb99a6cd
* Merge branch 'master' of https://github.com/w3c/webauthn into angelo-secondAuthnrSelect
by Mike Jones
https://github.com/w3c/webauthn/commit/623c092d54bcd3e4739ebac09b1ed209da0a71eb
* merge upstream master
by AngeloKai
https://github.com/w3c/webauthn/commit/254ef6e4b78ab4c5be223acc37bca9f441a3ad73
* merge origin changes made by MikeJ
by AngeloKai
https://github.com/w3c/webauthn/commit/1e031ee33f1dbe99fa8a5f2b4da30c23bf7df95f
* fixed half of the comments by Jeffrey
by AngeloKai
https://github.com/w3c/webauthn/commit/4a5b271a8c12fe2546ca030142f1ddf85d4457e3
* repair fig 3 - fix #401 (#426)
by =JeffH
https://github.com/w3c/webauthn/commit/02a726b763558fbd2fa776509596fa08373b5c01
* public key cred - fixes #406 (#432)
* 'scoped cred' -> 'public key cred', autolink 'origin'
* complete autolinking 'origin'
* cleanup blank spaces & lines
* fixup publickey -> public-key|publicKey per jyasskin-the-enforcer ;-)
* fix conflicts fer real this time (i hope)
by =JeffH
https://github.com/w3c/webauthn/commit/d7b1eceadca35c578d4d0230bbbbf340f24804c3
* Fixed all issues in the comments
by AngeloKai
https://github.com/w3c/webauthn/commit/42a31dd7413d26b1a6a066b6fb579b5438e4b763
* Merge branch 'master' into angelo-secondAuthnrSelect
by Angelo Liao
https://github.com/w3c/webauthn/commit/ef2a60f084e651e65b6c0087c37a5a16f6c89a24
* Fixed Jeffrey error
by AngeloKai
https://github.com/w3c/webauthn/commit/fe7a10b191c408bdba820f3b8080558e4441dbe2
* Merge upstream master
by AngeloKai
https://github.com/w3c/webauthn/commit/9786fd868b2d32e4a4222aa4690cdf9692c054eb
* Fixed comments raised
by AngeloKai
https://github.com/w3c/webauthn/commit/dae876876c26ab8a2ae51631c5e347755cad1b49
* Addressed comments by Jeffrey
by AngeloKai
https://github.com/w3c/webauthn/commit/a9a0891cec00573d14f19d7070722be511675c91
* added false default to requireResidentKey
by AngeloKai
https://github.com/w3c/webauthn/commit/5606a38134d3be40b524783e71dd67c804d714f2
* Merge pull request #429 from AngeloKai/angelo-secondAuthnrSelect
3rd approach: Add authenticator selection dictionary to create with attachment
by Angelo Liao
https://github.com/w3c/webauthn/commit/b7aac16ccaae5f666297cfbd78c919702406b2b1
* Create .pr-preview.json
by =JeffH
https://github.com/w3c/webauthn/commit/47f4af03b0ba3a087d985ff740671eb2b875e60d
* fixed 1 warning and 2 linking errors
by AngeloKai
https://github.com/w3c/webauthn/commit/7c171c857ac8a1e2c788f96770d9bc6016412326
* update to Process 2017
by Wendy Seltzer
https://github.com/w3c/webauthn/commit/53ab1962c245e639e50c7abda1b53461681c70ed
* Process 2017
by Wendy Seltzer
https://github.com/w3c/webauthn/commit/9efcd043e1660735fd79e84ee121350f7ca65370
* Merge pull request #444 from w3c/wseltzer-patch-2
Process 2017
by Wendy Seltzer
https://github.com/w3c/webauthn/commit/96f0e8accb6a890d9f846a17610876daace46e69
* Merge pull request #440 from w3c/jeffh-setup-pr-preview
Create .pr-preview.json -- set up 'pr-preview'
by J.C. Jones
https://github.com/w3c/webauthn/commit/62be04885b7c20922b1b79240a1b7850ac53048d
* Merge pull request #443 from w3c/wseltzer-patch-1
update to Process 2017
by Wendy Seltzer
https://github.com/w3c/webauthn/commit/c49700b2855d941381ee7e64abf23e29d41d82ef
* Fixed all linking errors
by AngeloKai
https://github.com/w3c/webauthn/commit/c5b7c867f1632991f629352fe131097203c07fd8
* Changed WD to ED
by AngeloKai
https://github.com/w3c/webauthn/commit/f4bf910bfd3d86b4cfe1890b5172f6fb70223a4d
* Removed QuotaExceededError
by AngeloKai
https://github.com/w3c/webauthn/commit/6650bec591cb32fdf3635201894e147d5cc536c0
* Merge pull request #448 from AngeloKai/WD05
Fix all linking errors and address isue 439
by Angelo Liao
https://github.com/w3c/webauthn/commit/0f8aa1df40345af732e351b041f78f82cf162449
* Fix QuotaExceededError in authenticatorMakeC
by AngeloKai
https://github.com/w3c/webauthn/commit/21d8a41437b9b9a2b6d20d93cfb3379bd1cbf161
* reverse WD back to ED
by AngeloKai
https://github.com/w3c/webauthn/commit/69fb1f5044c7fffa588cd73966ca85f329acad9e
* Merge branch 'master' into changeError
by AngeloKai
https://github.com/w3c/webauthn/commit/81aa54d7ca917ec3de410dafd358a5a07e53934e
* changed from WD to ED
by AngeloKai
https://github.com/w3c/webauthn/commit/d326645142f6ecb814d664c3c0b7fa76414a5393
* Merge pull request #449 from AngeloKai/changeError
Remove QuotaExceededError from spec
by Angelo Liao
https://github.com/w3c/webauthn/commit/aa86843c15309819d7a881fa5e636f81d07ea36d
* add a publish dir
by wseltzer
https://github.com/w3c/webauthn/commit/b49c7897ec9e8649179fa7ac4da693168f413806
* Added new WD05 link
by AngeloKai
https://github.com/w3c/webauthn/commit/6cad6eee98c7c7fcaa622b15266429f7a5dc86bf
* Merge pull request #450 from AngeloKai/addWDLink
Added new WD05 link
by Angelo Liao
https://github.com/w3c/webauthn/commit/dda3e24fd62da4a35d8fc7711aa1b8ef16030dbc
* Typo fixes
by Adam Langley
https://github.com/w3c/webauthn/commit/72ba7bc27ac0395d2596a811891d3cb7d2680523
* Fix typo.
by Wally Jones
https://github.com/w3c/webauthn/commit/a8803d9ec22d60519a4621885abd4e3e693af98d
* Merge pull request #451 from agl/typos
Typo fixes
by Angelo Liao
https://github.com/w3c/webauthn/commit/fb7d3209cb4ed1179ad9f4e71528e016624f64ae
* Merge pull request #457 from imwally/master
Fix typo.
by Angelo Liao
https://github.com/w3c/webauthn/commit/177f1ec47e60e994026da9f1f1f65a13d46d5569
* redraw fig 3, polish attestation & assertion signature definitions and prose (#463)
* redraw fig 3 attestation object, fixes #434
* update fig 3 caption
* various attestation text polishing, fixes #395
* fixup [RP] & [RPS] markup
* further RP markup fixes
* fixup terminology markup in abstract
* fixup error code markup
* fixup assertion signature dfn
* various markup and dfn polishing
* further polishing
* more linking & terminology, etc polishing
* fixup fig 2, further polish
* refine regex, fix more RP markup
* polishing #attestation-formats section
by =JeffH
https://github.com/w3c/webauthn/commit/a2a4210cff823d489bc01248dd52d630b5fb18e9
* reconciling origin and RP ID handling (#464)
* polish RP ID dfn
* polish authn & regstn dfns
* alphabetize terminology
* minor edits
* decorate all RP ID occurances
* figuring out rpId issues, modest edits to improve issue #414
* fixup RP ID ddfn and rpId handling, improves #255, #259, #260, #416
* fix RP ID dfn, fix descriptions of RP ID's value, improves #255, #259, #260, #416
* more RP ID polishing
* fixup my errors (thx jcjones), cleanup, fix #323
* swap order of CredentialCreationOptions and CredentialRequestOptions sections
* fix confusion of CredentialRequestOptions wrt CredentialCreationOptions
* begin align markup approach of the makeCred and getAssn sections
* |publicKeyOptions| -> |options|
* move {#sctn-user-credential-params} to proper section, minor editing
* decorate title of {#authenticatorSelection} section
* add internal cross-refs
* add internal cross-refs
* clarify title of {#getAssertion}
* complete applying RP ID fixup to {#getAssertion}. thanks bzbarsky & jyasskin, fixes #255, #259, #416
* document RP ID restrictions and relaxations, fixes #260, thx bzbarsky!
* add 'valid domain' restriction placeholder
* addressing jyasskin's feedback -- thanks!
* fix #467
* delete a blank...
* fix various items per jyasskin - thxcls
* |foo|['{{bar}}'] style to <code>|options|.{{bar}}</code> style - thx jyasskin :)
by =JeffH
https://github.com/w3c/webauthn/commit/46b3933dd955642d8f60bc84c2f04eddef1c054d
* address empty allowlist in 'use existing cred' alg, fixes #387 (#427)
* address empty allowlist in 'use existing cred' alg, fixes #387
* incorp jyasskin suggestion. improves #387
* surgery w/hammer, saw, torch on prior attempt to incorp jyasskin suggestion. improves #387
* more surgery hopefully improving #387
* add back backslash on [[DiscoverFromExternal...
* various fixups, move Note up, separate gathering of creds from messing with transports
* revert processing of allowList back to close to original, polish such that fix #387, fix #481
* revert processing of allowList back to close to original, polish such that fix #387
* revise to explictly handle empty credDescpList, may improve #481
by =JeffH
https://github.com/w3c/webauthn/commit/d8b103a799a6c16d39440e2acb130a36c247f99a
* cleanup "easy" issues WD-06 (#489)
* [SameObject] on readonly attrs fixes #285. align IDL
* hashAlg -> hashAlgorithm fixes #326
* allowList -> allowCredentials improves #327
* excludeList -> excludeCredentials fixes #327
* Attachment -> AuthenticatorAttachment improves #329
* Transport -> AuthenticatorTransport fixes #329
* PublicKeyCredentialParameters.algorithm -> .alg fixes #351
* add self attestation to U2F Attestation Statement Format, fixes #392
* make CredFooOptions dict members non-nullable, fixes #490
* add Note wrt 'alg', thx jyasskin
* more merge cleanup allowList->allowCredentials
* normalize fooCredentialDescriptorList terms fixes #494
by =JeffH
https://github.com/w3c/webauthn/commit/c7f1592b66216963f243ca06eafb5dc2224d8479
* Omitted default abstract header (#487)
by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/119dd517bb1c506a3cfd109df3670fc533d31947
* explicitly level 1, fixes #475
by JeffH
https://github.com/w3c/webauthn/commit/3dc51c5916e4ba9d1aefb3815f233a9b5899da66
* improve allowCredentials and transports handling in #getAssertion, fixes #480
by JeffH
https://github.com/w3c/webauthn/commit/763f44ca3ce90211f67a6c8048aeaae6f1ce7f87
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/34805f46cc966a1a44efe95ef6cffae7a16c5a35
* added ... identified by rpId for clarification
by rlin1
https://github.com/w3c/webauthn/commit/c3c9ac8f6bc21e56514c1d9c9a5945457ce83c47
* grammar fixup
by JeffH
https://github.com/w3c/webauthn/commit/9ff5bbfc7f695270db6a37423ed905b4cb868bc1
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/4f3225f6a0ed984ba25e340d57317106cc4ab198
* Merge pull request #499 from gmandyam/master
Add Rate Limiting definition to terminology section
by gmandyam
https://github.com/w3c/webauthn/commit/68cc6092b2c346a7d1789629447c2154e37eeaf2
* add back ' = []' on excludeCredentials, fixes #268
by JeffH
https://github.com/w3c/webauthn/commit/14010fa9c0aeb1e644857a5268b589170916ae42
* Merge pull request #495 from w3c/jeffh-fixup-algs-contd-2
Algorithm Fix-up (Continued, #2)
by J.C. Jones
https://github.com/w3c/webauthn/commit/49da4d6a2e3b6e327cd76a2bce77ddf952dfc1aa
* add links to scribe/bot instructions
by Samuel Weiler
https://github.com/w3c/webauthn/commit/e44a7af33ce2085685d550ee951425a4ed93b95a
* Fix typo.
by ynojima
https://github.com/w3c/webauthn/commit/d7fd46fd6a7f43a0657d1a29f371263c39287ef9
* Fix typo
by ynojima
https://github.com/w3c/webauthn/commit/97864c573dd71e092f8d7b709ab7c3a42de25fec
* Update index.bs
Biometric Selection Criteria extension
by gmandyam
https://github.com/w3c/webauthn/commit/d77acb349d8d216c44333c227bd9eddbe32f9ea4
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/adf287058fa34827e0668d127e995ee96a23eddb
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/834062e5dc9046b08ceb6587758763f3475d6abc
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/82e0e41cc3f88efce5e33dbdc66858fc9eba7e9c
* Merge pull request #505 from sharplab/fix-typos
Fix typo.
by J.C. Jones
https://github.com/w3c/webauthn/commit/4e273b509239f6657f8846404abe4657e8c80d92
* Renamed MakeCredentialOptions to MakePublicKeyCredentialOptions and parameters to pubKeyCredParams
by Mike Jones
https://github.com/w3c/webauthn/commit/a816b3556b73f299ef8c2577626f177713240158
* Merge pull request #511 from selfissued/mbj-MakeCredentialOptions-renaming
Renamed MakeCredentialOptions to MakePublicKeyCredentialOptions and parameters to pubKeyCredParams
by Mike Jones
https://github.com/w3c/webauthn/commit/50ea70c73546ab2fd20ffc4ad81f522db5360e9a
* add requireResidentKey param to the invocation step of authenticatorMakeCredential (#502)
* explicitly level 1, fixes #475
* improve allowCredentials and transports handling in #getAssertion, fixes #480
* Update index.bs
* add requireResidentKey param to authenticatorMC
* added ... identified by rpId for clarification
* grammar fixup
* Update index.bs
* fix linking error
* add back ' = []' on excludeCredentials, fixes #268
* add links to scribe/bot instructions
* Fix typo.
* Fix typo
* Renamed MakeCredentialOptions to MakePublicKeyCredentialOptions and parameters to pubKeyCredParams
* Have parameter orders match those in the Authenticator Operations section
by Angelo Liao
https://github.com/w3c/webauthn/commit/ef83674b2c944e9ab07bec44a6af85362fcc383b
* PublicKeyCredentialParameters parameter name is alg - not algorithm (#513)
by Mike Jones
https://github.com/w3c/webauthn/commit/52b4422b372ec5d56da89f4808cfb12938c8ecb2
* Add a script to update .spec-data, and update the data. (#516)
Thanks, JC!
by J.C. Jones
https://github.com/w3c/webauthn/commit/561fd2cc911fabf81307150794a18b40e8d9c9ec
* Adds requireUserVerification option in AuthenticatorSelectionCriteria (#460)
Merging after applying agreed to updates, per decision on 2-Aug-17 working group call.
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/a9fad51b4a9eb7a0eb9e2f77e403f483abc7192e
* Add isPlatformAuthenticatorReady function to the API surface (#379)
Merging after applying agreed to updates, per decision on 2-Aug-17 working group call.
by Angelo Liao
https://github.com/w3c/webauthn/commit/3e2ada84b66318320d690c49e22c227ab8fe6a1b
* Restrict WebAuthn support to valid domains (#515)
Restrict WebAuthn support to valid domains
* Clarified valid domain note, as suggested by Jeff Hodges
by Mike Jones
https://github.com/w3c/webauthn/commit/e1faf59f86e5903ce4063c1b68b832b93bf1a5f3
* Use COSE_Key and COSE Algorithm Identifiers (#514)
Incorporates improvements from @equalsJeffH .
* Restored incorrectly deleted Credential ID
* add refs for IANA COSE & JOSE registries
* create AlgorithmIdentifier typedef
* fix biblio json - delete commas
* polish several things, eg UV, UP, uv, rk -related
* fixup figs 1 & 3, fix attestation data description S 5.3.1
* really fixing attestation data description S 5.3.1
* Added dashes in registry references to make them more readable
by Mike Jones
https://github.com/w3c/webauthn/commit/cca20d3dd8ac7713904b3ceecd2e0be493592761
* nomalizedAlgorithm->credTypesAndPubKeyAlgs; fixup spec title, clean eol whitespace, fixes #520 (#522)
Thanks for this clarifying change, Jeff.
by =JeffH
https://github.com/w3c/webauthn/commit/73d4461c525c51e96bb03659a5238814712283f0
* Register COSE Algorithm numbers for RSASSA-PKCS1-v1_5 (#525)
Register COSE Algorithm numbers for RSASSA-PKCS1-v1_5 and restrict algorithm identifiers to being integers
* Restricted algorithm identifiers to being numeric
by Mike Jones
https://github.com/w3c/webauthn/commit/4902a80ea3ef8e00db8aeaaf665a62daf176183e
* Renamed AlgorithmIdentifier to COSEAlgorithmIdentifier to fix name conflict with WebCrypto (#531)
Renamed AlgorithmIdentifier to COSEAlgorithmIdentifier to fix name conflict with WebCrypto
* An COSEAlgorithmIdentifier -> a COSEAlgorithmIdentifier
by Mike Jones
https://github.com/w3c/webauthn/commit/1c824c902e1236c2a900452a5080eebc7c40208b
* Fixed the example and other points listed in isPlatformAuthenticatorReady comment (#523)
Addressed the comments in the isPlatformAuthenticatorReady PR, as agreed to on today's call
by Angelo Liao
https://github.com/w3c/webauthn/commit/8bf3b7e7cb803e459da9dfd239e68815cf40aaf7
* add WD06 publish dir
by Angelo Liao
https://github.com/w3c/webauthn/commit/080effc63fa34dbe1154a28481a97bb0e2550de5
* Merge pull request #532 from AngeloKai/master
add WD06 publish dir
by Angelo Liao
https://github.com/w3c/webauthn/commit/546b0441d7ee873c2f598643375779de09393fd4
* add WD06
by Angelo Liao
https://github.com/w3c/webauthn/commit/0683efc3612d1934dde7758600cf373259669318
* add WD06 link to editor's draft
Merge pull request #533 from AngeloKai/master
by Angelo Liao
https://github.com/w3c/webauthn/commit/598ac413cb9df11f971d62d8d27c4c1471d9f1d0
* Update README.md
by Angelo Liao
https://github.com/w3c/webauthn/commit/776a5f42663b4cab640178857d099a72477b1ced
* Update on README.md
by Angelo Liao
https://github.com/w3c/webauthn/commit/b12c7087ae50dc0aea9f8f31e7a5dabef7f60b4a
* Merge pull request #534 from AngeloKai/master
Updated steps for creating working drafts
by Angelo Liao
https://github.com/w3c/webauthn/commit/5e0dbe0dafe9e36912bf2a32c5d5752c99d84476
* fix proper subset tweak (#542)
by Angelo Liao
https://github.com/w3c/webauthn/commit/14c2733ca6a4a9568e4c48fef1b870448818e811
* Plumb User ID through
We need to plumb the custom user id that the RP gave the authenticator during MakeCredential back through to the RP when doing getAssertion.
by christiaanbrand
https://github.com/w3c/webauthn/commit/ac89087f42ac3875f5dde3d581c1c85bc830609c
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/3e0d2915aab90bccbd7d8ae89aa484db4fb712e8
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/c96b64bee7bbd918317d5a6b3865fc8f10f280d4
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/f6499b2a7f85b2f2d3a14efda265f2fb75f94bf0
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/0ce6b12b54d40a34c1ea535d2c59555677921b18
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/92f4b3218a8aa711e39a4385e87d48c3bf25618c
* Remove user agent getting user consent sentence (#553)
Closes #552
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/eb401b78e218af43715e426ea1825fc14966113d
* using descriptive names for authenticator selection criteria (#555)
Since we don't directly send the values of the AuthenticatorSelectionCriteria dictionary keys over the wire, it's ok to leave these values in a human-readable form.
by balfanz
https://github.com/w3c/webauthn/commit/dcf793928221b1883f4c9ac4dd5264b570606e52
* Update index.bs
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/5e2f228d76005a767f2c4e94f1af6b8c2c7d717d
* Fix Android attestation (#546)
* Fix Android attestation
Android attestation had a circular dependency on the public key: The authenticatorData has a public key that was originally intended to be stuck in the ChallengeData for generating a new keypair. When calling this function the public key isn't available to us yet. We have made a change to bring this in line with other attestation formats (ie. packed attestation).
* Update index.bs
* Update index.bs
by christiaanbrand
https://github.com/w3c/webauthn/commit/db1be8059b02cb8981fbe0229f6d1eebaedb9505
* Update index.bs
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/25dfc77228d74440711ff36ff72b81ba77e40669
* Update index.bs
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/f6f85172b064d72ca036fede2ff67188ac888a76
* Clarify Safetynet attestation return value
Clarify the encoding of SafetyNet attestation as a UTF8 encoded string. Closes #563
by christiaanbrand
https://github.com/w3c/webauthn/commit/6e45cc14c885fa3196519484ee6a08a419a31576
* Clarifying signing procedure for U2F attestation
This closes #530
by balfanz
https://github.com/w3c/webauthn/commit/5502d42d31d1aa5b6bc79f686cfecf0c6dbf04f5
* Address security and privacy issues witht the iconURL (#545)
* fix proper subset tweak
* added a priori constraint on iconURL per credman spec
* reference the CR version of Mixed Content instead of editors draft
by Angelo Liao
https://github.com/w3c/webauthn/commit/f37cfc5dfd074832ab61ed299d1ee7d2a6f5c724
* Clarify excludeCredentialDescriptorList (#573)
Add more clarity around the use of excludeCredentialDescriptorList. Closes #567.
by Christiaan Brand
https://github.com/w3c/webauthn/commit/67e922c011aeb2668fd7adfaf75d7f3b7a28cb6c
* Fix reference to UTF8
by Christiaan Brand
https://github.com/w3c/webauthn/commit/ee912eeef7cccfb95197938253c956619bb3a8ca
* Fix #577 - CDDL for attStmtTemplate is ambiguous
There are multiple definitions of `attStmtType`; the template defines it
to be `bytes`, while each concrete instance of the template defines it
as a map. This clarifies that it is always a map, since the ".within" control
operator for CDDL defines that the socket `$$attStmtType` to be the superset of
`attStmtTemplate`. [1]
[1] https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#section-3.8.5
by J.C. Jones
https://github.com/w3c/webauthn/commit/3e86e705a5ad41f163df76649370e13c5045fb73
* Fix syntax errors in JavaScript examples.
by James Barclay
https://github.com/w3c/webauthn/commit/4aa72b65ac0a05e8e21ed64d34249a3eae916eed
* Clean up COSEAlgorithmIdentifier loose ends (#580)
Clean up COSEAlgorithmIdentifier loose ends
by Mike Jones
https://github.com/w3c/webauthn/commit/2ec526743c1fe42ea602fa31d47eed9800a0daf9
* Make user.id a byte array (#586)
Make user.id a byte array
by Mike Jones
https://github.com/w3c/webauthn/commit/26552c41d086f46be877018dc2c8b059178ccaec
* Corrected inaccuracy in authenticator extension processing description
by Mike Jones
https://github.com/w3c/webauthn/commit/0141d97cd79d1bf869b47eb72d4552b729a0ec5c
* Merge pull request #571 from w3c/balfanz-patch-2
Clarifying signing procedure for U2F attestation
by Christiaan Brand
https://github.com/w3c/webauthn/commit/96b9a982b235144816abaaa6517d364eef8dd824
* Merge pull request #572 from christiaanbrand/patch-4
Clarify Safetynet attestation return value
by Christiaan Brand
https://github.com/w3c/webauthn/commit/6589a1013cd776da57d704eb8508fcd53fa6cc88
* Merge pull request #595 from futureimperfect/master
Fix syntax errors in JavaScript examples.
by Christiaan Brand
https://github.com/w3c/webauthn/commit/d96d7668a53bfc463968bedc9d9b95cd64add262
* Merge pull request #596 from selfissued/mbj-extension-description-tweak
Corrected inaccuracy in authenticator extension processing description
by Christiaan Brand
https://github.com/w3c/webauthn/commit/3ee8ed586c2ce62f7a4180cb9dcf0d8d8e5f87cc
* Change user id to user handle
by Christiaan Brand
https://github.com/w3c/webauthn/commit/e63537fcc62af6f0f9768d0e992bf0627b8f6f7b
* Add Vagrantfile for a VM with bikeshed installed
by Emil Lundberg
https://github.com/w3c/webauthn/commit/17539f571cff60af8bbe236f958aa023d917fd45
* Merge pull request #558 from christiaanbrand/patch-2
Plumb User ID through
by Christiaan Brand
https://github.com/w3c/webauthn/commit/23b91fbb455dd3cc84e071c0dab50a3570beea79
* Updates per jyasskin review, referencing CDDL 3.5.1
https://tools.ietf.org/html/draft-ietf-cbor-cddl-00#page-18
by J.C. Jones
https://github.com/w3c/webauthn/commit/5630b47a7d08b291607ed1c4215afea4c0091fed
* Merge pull request #581 from jcjones/577-cddl_attStmt_type
Fix #577 - CDDL for attStmtTemplate is ambiguous
by J.C. Jones
https://github.com/w3c/webauthn/commit/0cae38154c59cf4760e7dfed00f2c44e298f8c9f
* Give authData and attestationData fields formal names
As suggested in #233.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9a1c34f0c5fd1b65338e081553f914b2da52ac85
* Number the steps in the authenticator operations.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/089c10e16bdcda0bd75db1d7f1d6a2be21304e08
* Add reference to credentialPublicKey
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6820c710f2872d4604fd0def62ec5bbc1674286b
* Rename attestation data to attested credential data
As suggested in #393.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2de6bfbb93a35216667efff9a7f6755de2c10b5a
* Update Figure 1 to agree with 2de6bfb
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7162ea1ac3b88585a29f87951641f15e98acd329
* Remove errant reference to [=attested credential data=]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/151504eac4b3196e9d24b395af53ae9fcf679905
* Merge branch 'master' into issue-393
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ab7f16fdfcf1d2ed2eb74df70be2a6597177e644
* Fix #618 - Make PublicKeyCredential.isPlatformAuthenticatorAvailable static
The example in the spec shows static usage of isPlatformAuthenticatorAvailable,
but isPlatformAuthenticatorAvailable is defined [Unscopable], which is a regular
operation which is defined as being not static.
I think the static method of using this is what we want, actually. Declaring
this as a non-static method on PublicKeyCredential means users need to obtain a
concrete PublicKeyCredential object on which to call
isPlatformAuthenticatorAvailable(). This leads to a situation where you have to
first complete a call to navigator.credentials.create() in order to call
isPlatformAuthenticatorAvailable().
by J.C. Jones
https://github.com/w3c/webauthn/commit/d0a010cd6a23b96044ae0708dd8bb33bff66dc78
* Merge pull request #612 from emlun/vagrant-bikeshed
Tools: Add Vagrantfile for a VM with bikeshed installed
by J.C. Jones
https://github.com/w3c/webauthn/commit/670ecb37e810efaa527f2068685315e32204912b
* Fix #609: Formally define User Handle (#616)
- Formally define User Handle
- Rename "user id" and similar terms to "user handle" everywhere
- Change name and type of `AuthenticatorAssertionResponse` field `DOMString userId` to `ArrayBuffer userHandle`
- `PublicKeyCredentialUserEntity.id` is not renamed, but it is now referred to as the "user handle"
This does not:
- Formally define the term "user account".
- Improve the privacy considerations around returning `userHandle`, as suggested in #578.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e74d8c4da2813559086fa32a28bdc6c576d54c1f
* Rewrite Generating an Attestation Object as an algorithm. (#600)
This replaces the "first generate the authenticator data" step with an input
because that's how it's called.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/8b23fb85f33c03e0420fb8182d9d774012546fd9
* Use || uniformly for concatenation. (#615)
Fixes #562.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/e65e43ed53dcdb411d34a9d75decfc14e768c503
* Merge branch 'master' into issue-393
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e8e993ec0b0f03418661e2b8c565dc3e27caba95
* Sign counter alg clarification [see issue #507] (#539)
* added description for U2F attestation format
* more description added
* ...
* added RP processing rule for signature counter
* explanation added: why should you compare signature counter
* add explanation: where does signature come from
* changes as requested in the PR
* changes as requested in the PR
* changes as requested in the PR
* correction
* more corrections
* typo
* corrected phrase as indicated by equalsJeffH
* correction: bikeshed still wants spaces - not tabs
* updating signcounter consideration according to suggestion in comment
* synatax corrections
* synatax corrections
* more changes added
* more corrections according to the comments in the issue
* addressed second last comment
* removed signing procedure details and referred to CTAP2 section 7
* fixed indent issue
* fix typo
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/d89c5031770f673288c1f5cb320adf33cbf11463
* Merge branch 'master' into issue-393
by Emil Lundberg
https://github.com/w3c/webauthn/commit/042726c60a943fc391527cec202216bd07bd8666
* Merge pull request #619 from jcjones/618-isPlatformAuthenticatorAvailable
Fix #618 - Make PublicKeyCredential.isPlatformAuthenticatorAvailable static
by J.C. Jones
https://github.com/w3c/webauthn/commit/b0a205bc0010df59ab4657f83429b33b932cf552
* Name the parameters and variables in authenticatorMakeCredential.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/c4b96d2114d6f6f18fc04f90961dbcd4b8164696
* Link "item" and use tuple rather than pair syntax for keys.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/c514c5af0539c6b847abf0051c0932d8b049370a
* Improve the counter wording.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/29c00ca8a90ec4abc4547663df7bb13af6a394fe
* Fix [=RP=] links that should be [=[RP]=].
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/997e749a47c656e2d5671dcbd2d27d4282832b89
* remove not needed closing bracket
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/c16fafd18def10492d29162d1a7daa4a37983510
* Require authenticators to implement the signature counter (#630)
by Mike Jones
https://github.com/w3c/webauthn/commit/2d3732b659a0b4fcd439097137a2618e3ebe4cd3
* updated the definition of authenticator (#607)
* updated the definition of authenticator
* updated according to comment
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/1674caa4663e5fa1e3635d48be8b787e0c2d82ef
* Relaxing user prompt requirements in certain cases
Relaxing the requirement to prompt the user on key creation *if* the authenticator is built-in *and* the RP didn't supply an excludeList of credentials.
by balfanz
https://github.com/w3c/webauthn/commit/9598e1d11e4ab344387131ad908f0335512bebdb
* Merge pull request #634 from w3c/balfanz-patch-3
Relaxing user prompt requirements in certain cases
by balfanz
https://github.com/w3c/webauthn/commit/394c9c0b369232a9004f71e3638fcc958a8725e0
* Merge branch 'master' into issue-393
by Emil Lundberg
https://github.com/w3c/webauthn/commit/98549bde4320f311772c1fcaf42d7963f67b37dc
* Link attestation statement and -format in §6.1 step 10
As discussed in #561
by Emil Lundberg
https://github.com/w3c/webauthn/commit/490eeaf49490456b93755a0c82ac0e7811574f2c
* Add a Relying Party conformance class. (#604)
* Add a Relying Party conformance class.
Fixes #88.
* Link "Relying Party".
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/527aaf67e45838baba4d325cf1267504717fc8fc
* Fix merge conflicts
by J.C. Jones
https://github.com/w3c/webauthn/commit/ea38238bd75789a894ef7ab52abefeb8d5514c0c
* Merge remote-tracking branch 'origin/master' into jyasskin-name-authenticator-params
by J.C. Jones
https://github.com/w3c/webauthn/commit/7fde1b973f3bcc17bca2ca30e92365d6cf1a0da7
* Merge branch 'jyasskin-name-authenticator-params'
by J.C. Jones
https://github.com/w3c/webauthn/commit/f6c9ed6d04ae0d695a6bf2659c214404ef3b5e6f
* Fix User.ID example
Make User.ID binary in example 2 in section 11. Closes #598
by Christiaan Brand
https://github.com/w3c/webauthn/commit/95fd62a3844a95c6cd9065fee90d73e60583f3fc
* Fix #551 - Define a Store method for PublicKeyCredential.
The Store operation isn't defined for PublicKeyCredential, even though it
is inherited from Credential Management. This defines that operation as
always resolving with an error.
by J.C. Jones
https://github.com/w3c/webauthn/commit/b7613fa71c23d7f52bad394a2d4e8087f1e10453
* Merge pull request #631 from jcjones/551-store
Fix #551 - Define a Store method for PublicKeyCredential.
by J.C. Jones
https://github.com/w3c/webauthn/commit/fff646941a6b79ced149e1d42bc2f0c4a6f9752e
* Merge pull request #635 from emlun/issue-561
Link attestation statement and -format in §6.1 step 10
by J.C. Jones
https://github.com/w3c/webauthn/commit/06d5468e5b70ff5476e87188941e87d0cec67c20
* Rewrite the "make an assertion" introduction to clarify how get() works. (#611)
* Rewrite the "make an assertion" introduction to clarify how get() works.
Fixes #566.
* Fix equalsJeffH's comments.
* Clarify the "user may decline" sentence per equalsJeffH.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/97e8af01a1115f589ec21272e258a7b338b09f6a
* update CTAP ref with correct authors and URL (#638)
by =JeffH
https://github.com/w3c/webauthn/commit/f94ed9180b06571bc0af59d605f56fa520072edf
* Name the parameters and variables in authenticatorGetAssertion.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/9a542186a04aab5ff2552647e394316d33e6f9fa
* s/ID/credential ID/
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/6594dc74bcd89bcfd218d307e054f0fbac3c6112
* Merge pull request #637 from w3c/christiaanbrand-patch-1
Fix User.ID example
by J.C. Jones
https://github.com/w3c/webauthn/commit/641949fd27a21a929fd17f2d3b95be1006120110
* Merge branch 'master' into issue-393
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fc94c52a158c5469ea2fcb95e754df4b8508d8f0
* Fix grammar in description of attested credential data length
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1308537fa012d22c872bbab10ba06a811ade6959
* Update to newest bikeshed state
by J.C. Jones
https://github.com/w3c/webauthn/commit/1b4c2449d471358600fb1b61a73e523e927c475f
* Also update bikshed-include to fix the double-Abstract problem
by J.C. Jones
https://github.com/w3c/webauthn/commit/6563f2209fba7bfd695080f15800ca9220374b0e
* Link "extension identifier" as requested in #602
https://github.com/w3c/webauthn/pull/602#discussion_r144167932
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/4bb24bfe5ddfd676eafd408efb32f9078ec4733a
* Merge pull request #614 from emlun/issue-393
Fix #393: Rename attestation data to attested credential data
by Emil Lundberg
https://github.com/w3c/webauthn/commit/408ef307c90c3f80f7c06405b73225924bb7c2e5
* Fix #569 - Add Exposed to all WebIDL interfaces
by J.C. Jones
https://github.com/w3c/webauthn/commit/a7482798404193a96058f63aabb376b95bf1aad0
* Remove attributes from partial interface definition
by J.C. Jones
https://github.com/w3c/webauthn/commit/ee174c2aa78b77ffb8de5b9d758333dcc6bb9493
* Only exclude CredIDs matching the RPID
Only credentials in the exclude credentials list that match this RPID should result in a not allowed error.
by Johan Verrept
https://github.com/w3c/webauthn/commit/d879b79a8c3e7a73d134d63fc84db9948c278a7b
* Fix #561
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b9575efdfd8952ca6e44cc1b733df2f870891d71
* Merge pull request #652 from w3c/issue-561
Fix #561
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bf41e8ed5cf0e0fe7a2696e6bd82bffac39e767a
* Fix #624 - Change PublicKeyCredential.clientExtensionResults to an operation
The attribute `clientExtensionResults` is a typedef of `record<DOMString, any>`.
The WebIDL spec says "Records must not be used as the type of an attribute
or constant", so this is not legal.
This commit changes the attribute `clientExtensionResults` into an operation
`getClientExtensionResults()`.
by J.C. Jones
https://github.com/w3c/webauthn/commit/b8c60278ad53479d03a2247e1360c33869f58e92
* fixup algs contd 3 (#498)
* do not call authenticatorMakeCredential() with separate |rpId| fixes #466
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* fixup global object reference per domenic, improves #472
* indent 4.1.4 step 18et al to clarify relation to prior step
* fix line indent
* do not call authenticatorMakeCredential() with separate |rpId| fixes #466
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* fixup global object reference per domenic, improves #472
* indent 4.1.4 step 18et al to clarify relation to prior step
* fix line indent
* post rebase-on-master, fix dangling MakeCredentialOptions
* fix error in resolving rebase conflicts
* further rebase conflict resolution error fixups
* convert switch steps to colon-denotation
* tag 'while'
* primary changes for improving #472 mostly complete
* further issue #472 cleanups
* del 'cancel the timer' from #creatCredential fixes #535
* polish constructResultantCredentialCallback method description
* incorp comments from mikewest at webappsec-credential-management/pull/100
* rebased onto master
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* fixup global object reference per domenic, improves #472
* indent 4.1.4 step 18et al to clarify relation to prior step
* fix line indent
* do not call authenticatorMakeCredential() with separate |rpId| fixes #466
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* post rebase-on-master, fix dangling MakeCredentialOptions
* fix error in resolving rebase conflicts
* convert switch steps to colon-denotation
* tag 'while'
* primary changes for improving #472 mostly complete
* further issue #472 cleanups
* polish constructResultantCredentialCallback method description
* incorp comments from mikewest at webappsec-credential-management/pull/100
* fix indents make BS happy, add some periods
* fix code tags placement
* correct bugs in prior merge conflict resolution, doh
* rm 'the bytes of'
* add missing @@EDITOR-ANCHOR-01A
* auto-number some steps
* re- fix #466 (due to merge-from-master), fix #536
* eliminate callback and just return an algorithm from #createCredential
* continue fix conflicts from merge from master
* fix a couple of issue #466 stragglers in #op-make-cred
* revert to prior AuthenticationExtensions language per jyasskin
* add inline spec issue pointing to issue #657
* minor cleanups, remove issue wrt not explicitly returning |credentialCreationData|
* fix annoying bikeshed warning wrt 'rpEntity'
* correctly fix warning as well as other incorrect markup
by =JeffH
https://github.com/w3c/webauthn/commit/f1f54951d5e5bffc54bbaf971ef72f091c9cde74
* clarified the ECDAA signing procedure. Close #591 (#641)
* clarified the ECDAA signing procedure. Close #591
* fix indent error
* fix line-indentation make BS happy
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/01aa320dfad02e768dbfdb2071191cce3e6e18d8
* Fix #574 - Change language for Create and Get to support hotplugging
This is an incomplete fix; a full fix is intended to be handled in Issue #613.
This reorders the Create and Get operations to indicate that the algorithms for
interacting with devices should be applied as devices are hotplugged / arrive.
It does not specify what happens when devices are removed, nor does it use
precise language. I'm not sure what language would be appropriate in this world,
so this patch is just to make things "better" not "correct".
Resolve @equalsJeffH's comments:
1. Define |lifetimeTimer| and make it available to the line that starts the
hotplugging
2. Use the |lifetimeTimer| for references later in those algorithms to reduce
confusion
3. Reword the Notes
4. Change the Notes to Issues
by J.C. Jones
https://github.com/w3c/webauthn/commit/6e0716f1f38c7a89b4bc8d1539d215e43b6a6bf0
* Address @AngeloKai's comments
by J.C. Jones
https://github.com/w3c/webauthn/commit/7bc3a3e7bb24fbb9c3def88ffd956f47a78226c0
* Address @AngeloKai's comments about lifetimeTimer
by J.C. Jones
https://github.com/w3c/webauthn/commit/df88d55d3c4d6133c744eaa4cab25a59571ecb84
* Last minute nitfixes
by J.C. Jones
https://github.com/w3c/webauthn/commit/83da7ff458cff646e9f8773a90a8f767b9c3f36d
* Merge pull request #655 from jcjones/574-hotplugging
Fix #574 - Change language for Create and Get to support hotplugging
by J.C. Jones
https://github.com/w3c/webauthn/commit/579f6cfe6247606ca7e1ffb455ad9964a4ee9c80
* Change |rpId| to rpEntity.id
by Johan Verrept
https://github.com/w3c/webauthn/commit/be4c139c8bdf0bc1fab835d63194fcf8b527b814
* Fix #560: ensure #registering-a-new-credential step 10 and the inputs to all attStmt types' verification procedures match (#639)
* Fix #560
* Address review comments
* Link [=authenticator data=] in <dfn>auth...data claimed...attestation</dfn>
* Define attestation trust path
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e9a9c33d30505f9ab9860a3f292cd1283fb97f80
* Fix getAssertion too.
by Johan Verrept
https://github.com/w3c/webauthn/commit/4794adbb4ad20e4c0543ad7fb203149c0ce5fda9
* In this case it is |rpId|
by Johan Verrept
https://github.com/w3c/webauthn/commit/a242e6a93c6874741385db1943c5e5cef82a9264
* fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from?
by JeffH
https://github.com/w3c/webauthn/commit/5c8dc4923ec502bc43bc3fff4f47070e1d5c26d9
* grammar fix
by JeffH
https://github.com/w3c/webauthn/commit/5ea8a285b1af248c275a3dd0d471469fbfe32571
* Merge pull request #662 from w3c/jeffh-fixup-algs-contd-5
fix #657: where does return value of PublicKeyCredential.getClientExtensionResults() come from?
by J.C. Jones
https://github.com/w3c/webauthn/commit/bcb5c110968ae4d3c410a62440b254bf161fd121
* Clarify PublicKeyCredentialEntity name descriptions
This resolves #622. This also changes some display name examples to
include non-ASCII characters.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8cdeac8e52a0b21688fdd429fafb43a8dc2b445d
* Drop user.name uniqueness recommendation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/be5143fb9d5f50c056a95f1ab358307c5a9df4d4
* Improved language.
by Johan Verrept
https://github.com/w3c/webauthn/commit/af041112f1644967731fc340c0ac1bee74e2cea9
* Fix up makeCredential with the same fixes.
Also added a reference to the list item back in the correct place.
by Johan Verrept
https://github.com/w3c/webauthn/commit/558c01377e5e1cc386fa9cf4c335af528ff7bc04
* Update index.bs
by Johan Verrept
https://github.com/w3c/webauthn/commit/e051327afd111b69bfd741942b24a139efbe7ebe
* Fix indent.
by Johan Verrept
https://github.com/w3c/webauthn/commit/6e5f27fb19aebd99583c77c8f4ceb70b8bba54ff
* Define Public Key Credential Source and Credential ID. (#620)
This also redefines "Public Key Credential" to cover private keys, public keys, and assertions, as a willful violation of RFC4949.
Credential ID is defined to explicitly include the possibility that it's the encrypted Credential Source.
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/c647b7099dfc78dcab15998783971efa1ea67987
* Sensible limits for RP and User Entity fields. (#667)
by Akshay Kumar
https://github.com/w3c/webauthn/commit/0418f3eeb054b57bc541bbf57f689959ae154cd3
* Make PublicKeyCredentialEntity hierarchy required members required in IDL
This resolves #587.
Summary:
- Make member `PublicKeyCredentialEntity.name` required
- Make member `PublicKeyCredentialUserEntity.id` required
- Make member `PublicKeyCredentialUserEntity.displayName` required
- Remove algorithm step from _§5.1.3 Create a new credential_ that
instructed to throw an exception if any of the above members were
missing
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9f5df060fc78da739e408e4aff2e7edd165e6fe3
* Un-hardcode step numbers in RP operations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/cac111d31901930efb6889d45371f5982f869039
* Instruct RPs to verify UP and UV in RP Operations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9a7bd9c45de0259ff439d9f94d5d486d6e705631
* Merge pull request #651 from jovasco/patch-1
Only exclude CredIDs matching the RPID
by J.C. Jones
https://github.com/w3c/webauthn/commit/625bd7acf014bb1664d2b8852883d83dba96b944
* Add UV parameter to getAssertion operation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1c1a111f018b0321f6d508c8db2c703533ef70b9
* Fix indentation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1d2d0e5c25d1c26b07d871a20e76f5d5d414be95
* Always require UP or UV for authenticator operations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/48226c7aa5a9d167a8d78970916390415b3d98c2
* Make requireUserVerification enum instead of Boolean
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d0b43a66dc4c8b40a77970beda160f8ddffcb7db
* Improve formulation of UP/UV requirement in authenticator operations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ef015fa96e93bb1a1f64b7a6718c40cc0695efa6
* Remove duplicated error return instruction
by Emil Lundberg
https://github.com/w3c/webauthn/commit/81f94455bf8ce41207b8ba4771f788101a6be0ec
* Add dfn links to occurences of "user consent"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/76d6e0df5d589ea4f005aa2f25c5d7c44d20b0c0
* Move UserVerificationRequirement to supporting data structures
by Emil Lundberg
https://github.com/w3c/webauthn/commit/af7da2de7c6cd71b32f5d0e875317b6dd89fbff0
* Remove authenticatorSelection from get() options and pass UV parameter standalone
It's just confusing to send the whole `AuthenticatorSelectionCriteria`
structure but ignore of forbid 2 of the 3 members. If those additional
parameters should be added in the future, that will probably be a
breaking change anyway.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/330552ff0e2f88e664494ef71b4e278f32cfe8fa
* Fix reference to |rpEntity| and |userEntity| in authenticatorGetAssertion
by Emil Lundberg
https://github.com/w3c/webauthn/commit/20e5a52d28bc089d3c5b504ede37d39cda99f2d5
* Fix typo
by Emil Lundberg
https://github.com/w3c/webauthn/commit/dbca08d39510c52d6cb9695aebebc997a135285a
* Remove redundant "if present" from requireUserVerification description
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c6f07a5ac214f661c79aaf49b9e42bf2e27aa7ac
* Merge pull request #669 from w3c/issue-587
Fix #587: Make PublicKeyCredentialEntity members required in IDL
by J.C. Jones
https://github.com/w3c/webauthn/commit/7153b55e8cd8e1bad5b5f57ee1eb7da158695361
* Change requireUserVerification default to "wanted"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7a134d5a8fa83beacde02eacef5bd6f25b9c3dac
* Rename UserVerificationRequirement."wanted" to "preferred"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/148a04032d2f61d05233b19e4ee393c2b93c6db8
* Rename UserVerificationRequirement."not-wanted" to "discouraged"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e08368c217dcdc83fd51be5d569c9f852c85e2ea
* Make UP and UV independent again
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9a3e24b09fc2c7bffa200131d7ef3bf70335f946
* Merge branch 'master' into issue-644
by JeffH
https://github.com/w3c/webauthn/commit/bae7b0564f135b29d8b71bd20df349224a313b22
* Make create() and get() abortable (#544)
* do not call authenticatorMakeCredential() with separate |rpId| fixes #466
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* fixup global object reference per domenic, improves #472
* indent 4.1.4 step 18et al to clarify relation to prior step
* fix line indent
* do not call authenticatorMakeCredential() with separate |rpId| fixes #466
* credID returned by authnrGetAssn() is optional if allowCreds has exactly 1 member fixes #472
* fixup global object reference per domenic, improves #472
* indent 4.1.4 step 18et al to clarify relation to prior step
* fix line indent
* post rebase-on-master, fix dangling MakeCredentialOptions
* fix error in resolving rebase conflicts
* further rebase conflict resolution error fixups
* convert switch steps to colon-denotation
* tag 'while'
* primary changes for improving #472 mostly complete
* further issue #472 cleanups
* del 'cancel the timer' from #creatCredential fixes #535
* polish constructResultantCredentialCallback method description
* marked authenticator model section as non-normative
* marked relying party operation section as non-normative
* fix proper subset tweak
* Added abort signal object and steps to webauthn
* fixed a minor issue with linking
* add minor edits to focus on the main things
* getting the blank line correct
* Added a example section to explain how abort should be used
* fix up example
* committing before computer dies
* updated grammars of the example based on feedback
* update example text
* Updated with the section on switching tab; complete the PR
* minor tweak
* finished polishing the spec
* whoops one leftover
* finally figured out how to remove last two linking errors
* take out abortsignal from extension; edit promise rejection
by Angelo Liao
https://github.com/w3c/webauthn/commit/931b46eece69f5d780ce4b317e3a377a3a67f85c
* Format |userVerification| decisions as switches
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fc2c7b8ad29eadef42ec379c4e410aaa5820f0a1
* Address review comments on minor wordings
by Emil Lundberg
https://github.com/w3c/webauthn/commit/78431f5efd90b59be2bdc2f3c8ea934618fe7ded
* Address review comments on code style
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4c7d6f6da3369b4abf034427a236a6416d3714dd
* Fix list numbering accidentally broken by fc2c7b8
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a2c99a513ad0b38c9d2cca60951d0384cd51f2e0
* Make authenticatorMakeCredential always use UV if possible
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b689825eb7d98e3a1284382ba6dd82be287b6eb4
* Remove redundant check of support for requireUserVerification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b897592aecebd0fc723954e78d703c6025333078
* fix #254: credman alignment: update #getAssertion section a la PR #498 (#665)
* actually improve #254, and fix #661
* DiscoFrmExtSource(options) -> (origin, options)
* make [[DiscoFrmExtSource]]'s exposition match [[Create]]'s
* deal with yet another fix #254 straggler in [[Create]]
* get rid of |global| in [[DiscoFrmExtSource]]
* remove 'in parallel' and 'global' stuff from #discover-from-external-source alg
* work on #discover-from-external-source alg to improve #254
* finish (one hopes) work on #discover-from-external-source alg to fix #254
* minor editorial
* repair #createCredential intro parag, improves issue #671
* complete fix #671
by =JeffH
https://github.com/w3c/webauthn/commit/d468a75b6a723867d24add0bd01bd7225acbcdbf
* merge from master & fix conflicts
by JeffH
https://github.com/w3c/webauthn/commit/f271306def3dbd9bc9e249d49c9c94ce4d72d717
* Fix broken variable member references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/14d08ce5e223bb4312550a3d75763305d193f1ae
* Fix instructions for UV in authenticatorGetAssertion
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6eeaa4d6cc5433d33eb5550528365acb45339b10
* Fix a reference to the wrong requireUserVerification member
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b59da77c0a50680e49b4b3716df1710cb196acd3
* Rename PublicKeyCredentialRequestOptions.requireUserVerification to userVerification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b245b72221568403cb197270bfd4715ed5098869
* Modify SafetyNet descriptive text (#643)
* Update index.bs
Biometric Selection Criteria extension
* Update index.bs
* Update index.bs
* Update index.bs
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/0e93926d7c77afd07e75002880f15b53e5137bf2
* replaced authenticatio key by credential private key. Close #590
by rlin1
https://github.com/w3c/webauthn/commit/63564a4ff5261dcd7f1e2e626ce81b7b96ebeb2f
* use the registered ext ids in examples
by rlin1
https://github.com/w3c/webauthn/commit/40875f1e798bac1cd7f6393c16da39d671e32ebb
* Merge pull request #676 from w3c/fix-590
replaced authentication key by credential private key. Close #590
by J.C. Jones
https://github.com/w3c/webauthn/commit/cffd22fddf9aec528e30a03548b55146bac13efd
* Updated authnr def (#678)
* updated the definition of authenticator
* updated according to comment
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/1194ce5b3204240561e0e075342d3ea303c40d4c
* Merge branch 'master' into issue-622
by Emil Lundberg
https://github.com/w3c/webauthn/commit/343b89d8a64e81920133c1df25515d769528a959
* Clarify semantics of isPlatformAuthenticatorAvailable
This closes #627.
by balfanz
https://github.com/w3c/webauthn/commit/474d0254a0d1db20d77da89b10a5c124148b75d3
* changing name of method
changing name of method to isUserVerifyingPlatformAuthenticatorAvailable
by balfanz
https://github.com/w3c/webauthn/commit/25a35a9229825dec100e9e65dcf3647c24d6001c
* adding references
Added references to the definition of user verification.
by balfanz
https://github.com/w3c/webauthn/commit/1dd484021d437d9046b1b65e90c8b0880a5f6606
* Merge pull request #680 from w3c/balfanz-patch-5
Clarify semantics of isPlatformAuthenticatorAvailable
by balfanz
https://github.com/w3c/webauthn/commit/66c2ec950171b2d47d32ca5025d681e710f6e139
* Fix attestation types supported for each format
by J.C. Jones
https://github.com/w3c/webauthn/commit/5f4f3e64ae77843d50f85b2f5b632a47f0088c00
* Fix #404 - Add a Security Consideration for Cryptographic Challenges
by J.C. Jones
https://github.com/w3c/webauthn/commit/21f5886f77d0a50c427beb64315275eb2b41d4da
* Resolve #292 - Clarify that only one operation is permitted per authenticator session
by J.C. Jones
https://github.com/w3c/webauthn/commit/abf8afea9183450ce2175e976c6d23216c46e2da
* Merge branch 'master' into issue-644
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8ee7f25dc622742bd4003b2a615f167e9c68c800
* Review updates
by J.C. Jones
https://github.com/w3c/webauthn/commit/28657152284a74519b4ae60c1c22b985ec4fb21d
* Review updates
by J.C. Jones
https://github.com/w3c/webauthn/commit/f496efac6ce2e84692e1bc1d42e6453ba90e2584
* Merge pull request #677 from w3c/consistent-extension-ids-588
use the registered ext ids in examples
by J.C. Jones
https://github.com/w3c/webauthn/commit/52f3d9ed3c63746728b3c73b72ab7f9899253fbe
* Fix uvm 368 (#675)
* fix copy and paste error
* improve wording
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/31ddb22449a62bcb05b901234fb29a80281953a6
* Adding a type field to CollectedClientData
by balfanz
https://github.com/w3c/webauthn/commit/fa787d0238cb97a1535219b2a77d5361f116522d
* adding RP processing rules.
by balfanz
https://github.com/w3c/webauthn/commit/fda86222f8fb5b2f879bbdb2b9f093299dd42241
* Added explanation...
...as to what this new field is for.
by balfanz
https://github.com/w3c/webauthn/commit/59683f65dbd7c89234d858d6eef5d598f76e9c23
* Merge pull request #682 from w3c/balfanz-patch-5
Adding a type field to CollectedClientData
by balfanz
https://github.com/w3c/webauthn/commit/cd591289dfaa8bde2ef729321c5fe9ae943cdc2a
* Update per @equalsJeffH comments
by J.C. Jones
https://github.com/w3c/webauthn/commit/66f094f134f7c20d3cfd9f54d3f11deb7146764e
* Nit: "set" -> "pair"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/641eed3514e210e2ead67a26c6ed3ef259f5383f
* Merge pull request #684 from emlun/nit0
Tiny nit: "pair of cryptographic keys" instead of "set of cryptographic keys"
by J.C. Jones
https://github.com/w3c/webauthn/commit/e09e0c3d05803018eb6f8841a16a9e436433d3cc
* Merge branch 'master' into issue-644
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8d261e9c57d700fbcb4ef97f08ea0979da45d9e7
* Revert "Make authenticatorMakeCredential always use UV if possible"
This reverts commit b689825eb7d98e3a1284382ba6dd82be287b6eb4.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4a8f028c85a260cdcd41b1fd07dcd2f73cb4a6f6
* Remove duplicated UV step from authenticatorMakeCredential
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0380327385bab3e3b477d975d1d0b9711fb554c2
* Move UserVerificationRequirement subsection to last in its section
To avoid changing the number of all the other subsections...
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a51550386b9ab422d0ff1c895487fe23afa8135f
* Address editorial review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2969b37b04e8ea3d977020b30170cb32e8e1cf45
* Fix initial part of step 18 of credentials.get()
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5b98d1d052cede8dcb2d06f94b75b19a276d29b6
* Wait for lifetimeTimer to expire instead of issuedRequests to be empty
The previous language would have the procedure terminate as soon as
there are no pending authenticator requests - including immediately at
the beginning unless at least one authenticator is available at that
time.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/18847d55a42c92eec4ed13530edee49f0d28a3a8
* Add privacy consideration about terminating getAssertion early
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3a8f961db57f935d7f07312ac3aa1f1e69d26b98
* Merge pull request #681 from jcjones/404-challanges
Fix #404 - Add a Security Consideration for Cryptographic Challenges
by J.C. Jones
https://github.com/w3c/webauthn/commit/45541f918a8c43fe2d5c5a7ef2eb4adc508bc513
* Merge pull request #673 from jcjones/292-operations_in_flight
Resolve #292 - Clarify that only one operation is permitted per authenticator session
by J.C. Jones
https://github.com/w3c/webauthn/commit/b8656455896b3eb888653e464786cfc921ac1492
* Clarify that the privacy consideration is a timing issue
by Emil Lundberg
https://github.com/w3c/webauthn/commit/df7dc0f28242bf3819fffcfa6162ae3ef22a6ce3
* Address review comment by @kpaulh
by Emil Lundberg
https://github.com/w3c/webauthn/commit/96655eb220880c1f34d4579501cba5ce6f11effb
* Don't always require UV for first factor authenticatorGetAssertion
This requirement isn't compatible with the current CTAP2 draft.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ba242b9d5f7ea2b3534618d4d31890d5f993ae56
* Align authenticator operations' UP/UV behaviour with CTAP2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7f831e3c7ebf669041c6413acc8005c3efa0eb8b
* more consistency: add Get name to section 5.1.4
by rlin1
https://github.com/w3c/webauthn/commit/46d6c51d7908a0f879c32586d3a09a4ccf1ee903
* Fix plural
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ea30a3319ac43765d8eef605fc49cbe66568f165
* Prompt for credential selection only if more than one eligible
Per review comment by @rlin1.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3d352c7c29c86bb94fe9fa001edff8865dd4b58d
* Use Infra list terms in authenticatorGetAssertion
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f6358cf71495e8e2a388dc86d3b465683a5317ad
* Use Infra list terms in authenticatorGetAssertion
by Emil Lundberg
https://github.com/w3c/webauthn/commit/05f4b23cda33c8bf7c162652583bc0fd91127331
* Add RSASSA-PKCS1-v1_5 w/ SHA1 for TPM attestations and correct TPM signing/verification text (#690)
by Mike Jones
https://github.com/w3c/webauthn/commit/3985dd18d2d6c1d54dae21c78d255314f4354095
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/8d0c61f05a4ebc8c4aa4f211ec5485db58ab37f6
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/14672723a1577508c0a5ef42c0aabedc40789e80
* Merge pull request #672 from w3c/issue-644
Fix #644: Add UV parameter to getAssertion
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e51726412fd0cc25ed49be2d301be86d58296f04
* Fix references to |authenticatorSelection| members in step §5.1.3.18
by Emil Lundberg
https://github.com/w3c/webauthn/commit/705e3d8ac02d86482398a2530b46b552222d47f2
* Merge branch 'master' into issue-692
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7b5b19555d7fb44db145a5ddb1c3383a2fa00bcb
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/90f0476b0a8da42324b50cafcb159588fecac3ef
* Merge pull request #696 from w3c/issue-692
Fix issue #692
by Emil Lundberg
https://github.com/w3c/webauthn/commit/311d50fd96a95c2cee934430227f9aa0d11c2f35
* fix comments in pre blocks and other linking errors (#697)
* remove comments from <pre> blocks
* add missing close div tag in #storeCredential
* fix warning wrt var usage in authenticatorMakeCredential input params
* fix 'challenge' linking error
by =JeffH
https://github.com/w3c/webauthn/commit/cc943646ae5e63c69907578bd5a2c2daae700ba9
* resolved auto-merge conflicts
by rlin1
https://github.com/w3c/webauthn/commit/213cbbf3d276f5e2ddc1e1bd2875df6cae54d9af
* build on Adding a choice for RP to express preferences for attestation types (#693)
* Adding a choice for RP to express preferences for attestation types
Adding a choice for RP to express preferences for attestation types. "low-cost" means don't bother the user to get the attestation, don't do a network roundtrip, etc., even if that means that we won't end up with a meaningful attestation (i.e., even if we only get self-attestation). "verifiable" means that the RP wants a verifiable attestation, even if that means that the user agent needs to connect to the Privacy CA, collect user consent, wait for ECDAA signatures to finish, etc.
* Update index.bs
* Update index.bs
* Added a third option
And changed "low-cost" to "none".
* adding client processing rules...
...for the attestation preferences.
* typo
* typos
* PR 636: rename several items and remove prescriptive wording about UI.
* Addressing akshayku's comments on previous change.
* attestationPresentationPreference -> attestationConveyancePreference
* refine/polich switch stmt
* more refining
* refining AttestationConveyancePreference section
* polish AttestationConveyancePreference section, plus make BS happy
* add issue
* make BS happy
* polish
* need to define 'blinding'
* editorial polish
* fix up MakePublicKeyCredentialOptions.attestation description, remove line-ending blanks
* make BS happy - no comments in <pre> blocks, define attestation conveyance
* adapt commit 825cce7 language
* move attestation conveyance \<dfn>
* address jyasskin comments, thx!
by =JeffH
https://github.com/w3c/webauthn/commit/81fdc9a301f02e2324945cf9cbe05245e69c6a29
* Don't require UP when UV is required for registration
by Emil Lundberg
https://github.com/w3c/webauthn/commit/223534e4ac67f31bbcc5d3a2ca263d9921167ea3
* Merge branch 'master' into issue-668
by Emil Lundberg
https://github.com/w3c/webauthn/commit/18be68bed0e7038bc1049dbafc56e8bc82576407
* Always require UV or UP in RP assertion verification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/48e0a1d451a72ddd95a3030197a5201f235392d0
* Partially address review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/819b77a0be534ff0dc4e6754893dcbd0bd9c05de
* Resolve #698 - Rename requireUserVerification (#699)
* Resolve #698 - Rename requireUserVerification
* Rename userVerification to userVerificationRequirement
* Add missing |options|.{{authenticatorSelection}} prefix
* Add missing <code/> wrapper
* Remove extraneous </code> end tag
* Revert "Rename userVerification to userVerificationRequirement"
This reverts commit 4d774ddd542abac5d30682e4380b2d93cbe663a7.
by J.C. Jones
https://github.com/w3c/webauthn/commit/416732ec746d3d2efde237dbc3a072e02d1b3857
* fix #700 & #701: add same origin with ancestors param (#702)
* fix #700 add sameOriginWithAncestors parameter to internal methods, improve #701
* fix #701 [[Create]] and [[DiscoverFromExternalSource]] references have inconsistent parameter lists
* address jcjones' comments, thx!
* fix missing '(' problem
* make xrefs to credman Origin Confusion nicer
* fix 'var used only once' warning
* fix cut'n'paste error, thx emlun!
* editorial: normalize argument exposition across internal methods
* fix another sloppiness instance
* add ref to Note wrt leveraging Feature Policy spec in future
* minor edit
* further wordsmithing
by =JeffH
https://github.com/w3c/webauthn/commit/2f0b13e0afa13081e2cf62f09267e119196b8952
* Resolve linking errors for WD-07 publication (#703)
* fix proper subset tweak
* resolve linking error for AttestationNotPrivateError
* resolve linking error: idl ref not found for [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)
* remove unnecessary commits
* accept jeff suggestion
by Angelo Liao
https://github.com/w3c/webauthn/commit/5e63e5780a531a1cf8cf0e9f9e9b55507982bc9f
* revert master branch to editors' draft status
by JeffH
https://github.com/w3c/webauthn/commit/12f2d09a437489e69b0c482e664642bae32586bd
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/c45630284cbf41537706248c15811eee906833b7
* Merge branch 'master' into master4
by J.C. Jones
https://github.com/w3c/webauthn/commit/8ea9c78342438e3cc02ed2f5aabe65a821139c8e
* Merge branch 'master' into master4
by J.C. Jones
https://github.com/w3c/webauthn/commit/a4fe0faf249c37d2fb39eb05bb805c45fe420d9e
* Merge pull request #695 from gmandyam/master4
CDDL description of location extension
by gmandyam
https://github.com/w3c/webauthn/commit/33ac796035b250d29ddf056ac044319825128104
* Change link target for [=username=]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1f8e10ce3d47aabf9df84007f6b6d04766008c41
* Address review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7508d60780468ae570d93e4a95bb350f13fd686b
* Extract formal definition of Human Palatability
by Emil Lundberg
https://github.com/w3c/webauthn/commit/64b728e13e4ea65e1b13045baf52b677cf8ed345
* Rework the FIDO AppID extension.
This change clarifies the the behaviour of the `appid` client extension
and removes the client extension output.
Fixes #491.
by Adam Langley
https://github.com/w3c/webauthn/commit/b631dc5613ca267066f6cf6ab83f66f1a19b349f
* Don't say user handle is optional in Public Key Credential Source definition
This resolves #720.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d448eb3a2da0b5682cdf98c10c6a3ee5d399d667
* Add formal links to PublicKeyCredentialDescriptor description (#719)
This resolves #716.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8ea5208a01c5993149077e86ef697d20f43e058f
* Change id -> ID (#722)
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0d52835299a025a114007dcb22bf5cf15b504c32
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/b6f9e7f94fa62f92e3002d426f71bb556d70532d
* Merge branch 'master' into master
by gmandyam
https://github.com/w3c/webauthn/commit/77c3c89ad8f07fa2a1fda27bbb49639acf9cda07
* Adding CDDL to txAuthSimple
by gmandyam
https://github.com/w3c/webauthn/commit/f319f475e475e9a3056d268d16cfee046b99623e
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/cc501ba79c813f74826d2d537af37d823ee40ae1
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/7b847602a817cb26e32b32c63506cf5688f6632a
* Fix issue #685 (#686)
See https://github.com/w3c/webauthn/issues/685
by Emil Lundberg
https://github.com/w3c/webauthn/commit/269144c764db7818c9d149bd08e82c83c2906d74
* Specify that SHA-256 is used for hashing the client data. (#710)
Approved on today's WG call
by Adam Langley
https://github.com/w3c/webauthn/commit/6734b92a8831b37c423e973d81624e89b6e20179
* Don't say user handle is optional in Public Key Credential Source definition (#721)
This resolves #720.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/986d6275555e1b9cdd58dc1fcb6df306979e3e9c
* Reference EduPerson for definition of Human Palatability
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1904e734025fd9262669e69b42b6745f7da63d2b
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/0cd24a061b2490c1e087650ee666594f913f130e
* Don't return user handle in getAssertion in 2nd factor mode
As stated in
https://github.com/w3c/webauthn/pull/558#issuecomment-331537953 and
https://github.com/w3c/webauthn/pull/558#issuecomment-330592503 the user
handle should not be returned when operating in 2nd factor mode (i.e.,
when given a non-empty `allowCredentials` list).
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3b2a1d141cbd8f2954f073a6b6598d954398a986
* Respond to PR comments.
by Adam Langley
https://github.com/w3c/webauthn/commit/ba0f730e3ef2fdbad0d242bddec5e08f3ad45b47
* Add note on why authenticator attachment ise used only in create() (#708)
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f780ca85a74f664bea4890bd1111a6e97b1099f0
* Correct Android Key attestation verification procedure. Fixes #599. (#717)
by Arnar Birgisson
https://github.com/w3c/webauthn/commit/8f349fefbba8326f493e7bfeb4150c961daaba53
* Updated editors and acknowledgements (#726)
Updated editors and acknowledgements and added contributors section
by Mike Jones
https://github.com/w3c/webauthn/commit/758115fa641e92234485369b1129741b6fde533d
* fix broken {{PublicKeyCredentialEntity/id}} links to be {{PublicKeyCredentialRpEntity/id}} (#728)
by =JeffH
https://github.com/w3c/webauthn/commit/9a7eba85fb463531382e36605119475182f6d4f6
* fix 711 identifier internal slot contains credID (#729)
by =JeffH
https://github.com/w3c/webauthn/commit/06af8bc949948fe4d7554f0bd59d942dc1430593
* Added John Bradley to Acknowledgements
by Mike Jones
https://github.com/w3c/webauthn/commit/99baccf8be8abf78607e4a86bad809189ec71863
* move the credentialId uniqueness handling to the formal alg steps. (#709)
* move the credentialId uniqueness handling to the formal alg steps. Close #579
* be more precise about what ceremony we mean
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/a6c0da2f14924a52cd20d94f38012848b15db1b6
* Address review comments by @akshayku
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3938fc136da36ba518809b7ba9df476360173cf0
* CTAP alignment: Make storing user handle optional for non-resident keys
CTAP's [authenticatorMakeCredential][1] method stores the `user`
parameter only for resident credentials.
[1]: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#h3_authenticatorMakeCredential
by Emil Lundberg
https://github.com/w3c/webauthn/commit/609d28a34bc5ff9b96c10f17db308268f9aa4ec5
* Revert "Don't say user handle is optional in Public Key Credential Source definition"
This reverts commit d448eb3a2da0b5682cdf98c10c6a3ee5d399d667.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/684581f714e3a4c10f07f63db5233751e9bbf3a2
* Merge branch 'master' into issue-184
by Emil Lundberg
https://github.com/w3c/webauthn/commit/73b9e4fb9e6a1cd4cce6448c34cfa1e54d0d6179
* Move getAssertion privacy considerations to Security Considerations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1214398f9724889be48f011176db26325c2259b8
* Move normative language from priv-cons into algorithms
by Emil Lundberg
https://github.com/w3c/webauthn/commit/38e2c4fc25f5622d3a28152951471b15cc81e875
* Address review comments by @equalsJeffH
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2752db2ceb5bb928ffc7d75a7877c330689833fe
* Fix two more "denies consent" => "does not consent"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0c6641025774dd41dc84acc91764b9d852322afd
* add 'Dictionary' to Credential{Creation,Request}Options section titles
by JeffH
https://github.com/w3c/webauthn/commit/8b1b3da69e1e0ce4adda44b7fa21e3a1e47966a3
* Address one of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3e8afbad0d20ede932bb483be9e91ed01df1b6f
* Merge pull request #734 from w3c/jeffh-fix-497-dict-extension-titles
fix #497: add 'Dictionary' to Credential{Creation,Request}Options section titles
by Emil Lundberg
https://github.com/w3c/webauthn/commit/950f574888860152a8ae5b4921d4675a269363d3
* fix #455: we are using CTAP canonical CBOR encoding form everywhere (#731)
* fix #455: we are using CTAP canonical CBOR encoding form everywhere
* incorp akshayku's comment, thx!
by =JeffH
https://github.com/w3c/webauthn/commit/7be2d3df6c938a85cdd2c01b40dfdaf3e58c3d63
* Merge pull request #730 from w3c/issue-720-user-handle-optional
Fix #720: Align user handle management with CTAP
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5948f3bea8d5ae5fd7137dadce20b1c3e267d6e5
* Merge branch 'master' into issue-622
by Emil Lundberg
https://github.com/w3c/webauthn/commit/432e531a7aa50013725964d6a0464113c7f8ba9e
* Merge pull request #666 from emlun/issue-622
Merging as decided on 2018-01-03 WG call.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/35b730be6d0e3db254db61f73c3a9dc2e602ddb4
* Merge branch 'master' into issue491
by Adam Langley
https://github.com/w3c/webauthn/commit/9c6ad1e18bb8aa1dc8b28fb417bcab5f11358f08
* Link “assertion”, as requested by Jeff.
by Adam Langley
https://github.com/w3c/webauthn/commit/6c9d5295ffee0a3820b8d387de3312521ffc8041
* Merge pull request #723 from agl/issue491
Rework the FIDO AppID extension.
by Adam Langley
https://github.com/w3c/webauthn/commit/0ed625785d7d8c01cc43a1d3910034a0ff49141a
* Normalize RFC2119 langugage (#470)
* Normalize RFC langugages
* Minor tweak to not accidentally change things
* update based on review
* fixed travis build issue
by Angelo Liao
https://github.com/w3c/webauthn/commit/3cfaeba5be63850c23231fa220e8b5592bfd62ed
* fix #322: flesh out Security Considerations (for now) (#705)
merging this per discussion on today's webauthn call. @agl & @leshi: please submit discrete issues for the items you identified above. thx.
commits:
* consolidate sec cons sections, create priv cons
* update FIDOSecRef URL to point to latest rev
* add FIDOAuthnrSecReqs ref, minor editorials
* expand WebAuthn client dfn, compose sec cons intro ref'g FIDOSecRef and FIDOAuthnrSecReqs
* fix AttestationNotPrivateError linking error, thx angelokai!
* fix [[DiscoverFromExternalSource]] link error, thx AngeloKai!
* address emlun's feedback, thx!
* merge from master and fix conflicts
by =JeffH
https://github.com/w3c/webauthn/commit/c64bdaf2f6b026369729e553b6008d4830e61993
* Changed uses of JSON string to USVString (#739)
by Mike Jones
https://github.com/w3c/webauthn/commit/ade832157979451f8e69367f0d5749a939ec2aef
* Merge branch 'master' into issue-184
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f7bc2f865e7b8c7689084a00c4cb501e7ad20b4c
* Fix typo
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8ee452ce488fd54bbd2ea1018422ef31d321307b
* fix 543: improve COSE_Key spec language and add COSE_Key examples (#732)
* update COSE_Key format description parag
* create example public keys section
* alg -37 is actually PS256; align PS256 & RS256 text with ES256 text
* fix modulus length, as encoded in COSE_Key, to be 256 bytes rather than 257
* incorp agl's comments, thx!
* adj example whitespace, thx agl!
* further whitespace twiddling...
by =JeffH
https://github.com/w3c/webauthn/commit/58e824a5c1b0d12cee42aa4fc25df47d8dcdb39e
* Fix #715 - add a conformance class note for FIDO U2F Attesation Types (#740)
Editorial fix: Note that U2F authenticators can't store-and-return a user
handle.
by J.C. Jones
https://github.com/w3c/webauthn/commit/958a9d1c1cb2c8a9b29c9fab6aa87db3f4ae18f8
* Revert one "denies consent" => "does not consent" change
See https://github.com/w3c/webauthn/pull/687#issuecomment-357038495
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fb749d896665c3ffa708a508edc321c3cc5e3846
* Copy changes from #736
As requested by @equalsJeffH at
https://github.com/w3c/webauthn/pull/736#issuecomment-357309766
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f716b7fcfa4be4566a88a6f7b18b51804e66c721
* Merge pull request #735 from emlun/master
Change "denies consent" to "does not consent"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ab361bd7994ddce7ac53763c2a8089f737a5c1a8
* Fix outdated step references in RP registration algorithm
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b84a10783f2f3e3afbdd5afdb74aa7b2ddf52da4
* Merge pull request #687 from w3c/issue-184
Add privacy consideration about terminating getAssertion early
by Emil Lundberg
https://github.com/w3c/webauthn/commit/51ec228afc78b51abe1ee1fc6caa9f957a34d4f7
* Update CDDL to reflect packed, self-attestation.
The verification process for the packed attestation format deals with a
case where both `x5c` and `ecdaaKeyId` elements are absent, but the CDDL
doesn't reflect that possibility.
by Adam Langley
https://github.com/w3c/webauthn/commit/f0224aa2bb69478aa9d42894d5f036ad0c1d9936
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/60637e1eaeabf3b393b378d0e8fa7a6da9deca07
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/cbdd72eda7a251ff9d885295107cd6e7bb763480
* Un-hardcode step numbers in RP operations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e192c3ee81adc52ab4c7a14f26cad6581ea7acf9
* Introduce |response| variable in RP registration operation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/301aa02dee6439856b8ed6d37cb6b9ec3562a424
* Address most of @equalsJeffH's review comments
See https://github.com/w3c/webauthn/pull/718#pullrequestreview-83906027
by Emil Lundberg
https://github.com/w3c/webauthn/commit/780a818978384cc4b0a410aca12e137da006a3bd
* Corrected txAuthGeneric client extension input type (#737)
* Corrected txAuthGeneric client extension input type
* Changed JSON object to JavaScript object
* Indent to make the input valid Markdown
by Mike Jones
https://github.com/w3c/webauthn/commit/696cc5f0d923bf770b514468ccb074b9db272dbc
* Un-hardcode list item numbers
Except for two cases where the preceding text explicitly states that the
list has two elements.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/427c7eb63f8b125c875aa7e080b05a997dd3c02e
* Merge pull request #754 from w3c/unhardcode-list-numbers
Un-hardcode list item numbers
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1e77b424cc8b61c11403ca3152d70bd3541fb440
* fix |allowCredentialDescriptorList| warning from L3605 (#761)
it's good enuff for now :)
by =JeffH
https://github.com/w3c/webauthn/commit/528916914afa9c17dd7a9a4a8b0b8fcc019d9034
* Bikeshed spec data update
by J.C. Jones
https://github.com/w3c/webauthn/commit/b0cae5e2fb2b6e0d7f25a2153768e137a01423f1
* Define preventSilentAccess() behavior (#758)
Merged per the decision at the Monterey plenary meeting
by Mike Jones
https://github.com/w3c/webauthn/commit/62095dac95b2a15b389352b0a23f31d380ca3831
* Define credentialIdLength representation (#756)
Merged
by Mike Jones
https://github.com/w3c/webauthn/commit/10c150517f1b05b796aee64953628fe948dfeae6
* Fix issue #753: Verify user identity in RP authentication operation (#755)
Merged
by Emil Lundberg
https://github.com/w3c/webauthn/commit/45b306297824475941d009b0d69f1eb3af43341e
* Reference FIDO Privacy Principles (#759)
Merged
by Mike Jones
https://github.com/w3c/webauthn/commit/9b8da80d6cd863ece10fc860a4f01083a7392c6b
* Security Considerations for Unsigned Credential ID (#766)
Thanks Emil!
by Mike Jones
https://github.com/w3c/webauthn/commit/e5c8c4fbf574a1a50192052c569d0e2dcdd57a29
* Define actions for “none” attestation.
This change defines a minimal set of actions for browsers to take when
“none” attestation is requested. It also defines a new, empty
attestation format for this case.
Fixes #694
by Adam Langley
https://github.com/w3c/webauthn/commit/35032b8da50d1f6b348470e484321dc357079812
* Update in light of Jeff's comments.
by Adam Langley
https://github.com/w3c/webauthn/commit/1d7e2ef08cb4ba72517733728cd8104fb604ccb1
* Address emlun's comments.
by Adam Langley
https://github.com/w3c/webauthn/commit/2c2e46f6a3efe0aebfd741546a88fcdc93281bb1
* Reference the FIDO 100k batch sizes.
PING suggested referencing the FIDO 100k requirement as guideance on
suitable batch sizing for attestation certificates.
Fixes #749
by Adam Langley
https://github.com/w3c/webauthn/commit/719f33bece65b433d377c30f80d1e7ccfdc2b0af
* Tighten up the specification of packed X.509 certificates.
Fixes #768.
by Adam Langley
https://github.com/w3c/webauthn/commit/d51fbe91bb64e3dc51f814e3b8470be38cfe4fe6
* Merge pull request #767 from agl/issue749
Reference the FIDO 100k batch sizes.
by Adam Langley
https://github.com/w3c/webauthn/commit/dc3958c9c439a0875db4c37a7e434e5c3f9464d9
* Merge pull request #769 from agl/issue768
Tighten up the specification of packed X.509 certificates.
by Adam Langley
https://github.com/w3c/webauthn/commit/9d5609d243966c9c99640ea97ed34b89e6df30b3
* fix #610 privacy CA now known as attestation CA (#762)
* fix #610 priv CA now attstn CA
* fix incorrect US English article, thx selfissued :)
* use AIK certificate term
by =JeffH
https://github.com/w3c/webauthn/commit/0f4cfe4807a09dffe565f69cdcc8dcc506706f96
* Strongly type client extension inputs and outputs (#765)
* Strongly type client extension inputs and outputs
* Remove the unused AuthenticationExtensionsAuthenticatorOutputs typedef
* Capitalize typedef names UvmEntry and UvmEntries
by Mike Jones
https://github.com/w3c/webauthn/commit/1fc8906a20bb0698d68de3fbe55ebd109617b3bd
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/0edd80c48387402c5890487494069e0678635d8b
* Merge branch 'master' into fix-step-references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4bf1729398abe15036327045961a840c9327131f
* Fix outdated step reference in RP authentication algorithm
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3d4391384e76239596a4f5c8071ef295a4f83e84
* Merge branch 'master' into pr-718-editorial-changes
by Emil Lundberg
https://github.com/w3c/webauthn/commit/82333966cca3fcd4db4c63cecf95a09c395dfe8c
* Refer JSON deserialization to Infra spec
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6eddb4292f8b92e99c96802f39f0f836a0569100
* Describe how authenticators unique and find credential sources. (#623)
* Define Public Key Credential Source and Credential ID.
This also redefines "Public Key Credential" to be the thing presented to the RP,
as a willful violation of RFC4949.
Credential ID is defined to explicitly include the possibility that it's the
encrypted Credential Source.
* Link "credential ID".
* Allow hashes as credential IDs.
* Describe how authenticators unique and find credential sources.
This happens to fix a maybe-bug where the authenticator didn't check that a
decrypted credential ID came from the right RP.
It's also much more precise about the distinction between a credential
descriptor and a credential or credential source.
* finish merge-from-master and fixup dangling internal crossrefs
* restore masthead
* restore clientDataHash rather than tbsHash in U2F attstn format
* fixing rendering issue
* fixup merge-from-master loose ends by hand
* fix var ignore issue
* address emlun's comments, thx!
* catch straggler from emlun's comments, mea culpa
* ignore a var make bikeshed happier
* move op-lookup-credsource-by-credid alg to new subsection
* dont need ignore no more
by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/4f1a3ba8339824dc0491274393bebe3c142676f6
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/d6bba254c77a6de09887471042916047a4acb6cd
* Merge pull request #751 from agl/selfattestation
Update CDDL to reflect packed, self-attestation.
by Adam Langley
https://github.com/w3c/webauthn/commit/72958fef808d45e04bbaaf6f17c494104162f0e5
* Merge branch 'master' into issue694
by Adam Langley
https://github.com/w3c/webauthn/commit/0c9591ec1fef2745a0a3fc9f74fbd66ad7612168
* Merge pull request #741 from agl/issue694
Define actions for “none” attestation.
by Adam Langley
https://github.com/w3c/webauthn/commit/4115aefd4617f4483317b0022e7dd0061ade91a7
* PR #763 untangled: Add consideration of browser permissions framework for extension processing (#771)
PR #763 untangled: Add consideration of browser permissions framework for extension processing
by Emil Lundberg
https://github.com/w3c/webauthn/commit/99766e01bae6955f895912e03a4448369a104a98
* Merge branch 'master' into issue-668
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b49703b7ff62b2d51b82110cb7ef7ba6f074534c
* Fix outdated step references in RP algorithms
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2026fdc3cf8ede55b3eaac11f37b18c994ce3520
* Merge pull request #752 from w3c/pr-718-editorial-changes
Editorial changes from PR #718
by Emil Lundberg
https://github.com/w3c/webauthn/commit/573a03abb3f0d7ce376f7a911d2d74b2f8af353f
* Merge pull request #747 from emlun/fix-step-references
Fix outdated step references in RP registration algorithm
by Emil Lundberg
https://github.com/w3c/webauthn/commit/572446dfe9be4cdc2660c1b5a65763b6da1d4b9c
* Merge branch 'master' into issue-668
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c13353eba51e22c93895f19b9498ca056d89bc36
* fix #658: add user cancelled operation Note (#760)
* fix #658
* wordsmithing per jcjones suggestion, thx!
by =JeffH
https://github.com/w3c/webauthn/commit/f13e030eaccfff478d17548d3f3f62ea0409040f
* Merge pull request #724 from gmandyam/master4
Adding CDDL to txAuthSimple
by gmandyam
https://github.com/w3c/webauthn/commit/5124c6106cad3798d28b0fde634ce4de60d30c0b
* fix 746: uniformly define attestation type short identifiers (#780)
* create short names for attstn types not having such
* tag Basic attstn occurances w/short name
* link all attstn type short names
by =JeffH
https://github.com/w3c/webauthn/commit/d56d1e76b9e27b182c7dc1909d4eb86983c7ab9e
* rmove self attstn from U2F attstn format (#781)
by =JeffH
https://github.com/w3c/webauthn/commit/7fa8792b7be410c4ddb632056a23357935a2c520
* Merge pull request #785 from emlun/issue-713-json-deserialization
Fix #713: Refer JSON deserialization to Infra spec
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4d700225b49d4ae0869509c1ff063fbed17c2667
* add discusion of authnr selection to authnr model intro (#782)
by =JeffH
https://github.com/w3c/webauthn/commit/24a567b36f5b9d0223067dc071464956a7750511
* fix #204: factor makeCred into reg & authn priv considerations (#777)
* factor makeCred into reg & authn priv cons
* refer to ceremony rather than operation
by =JeffH
https://github.com/w3c/webauthn/commit/1d7b0230e594771790a0ead18efc6a46be8e80d3
* CTAP2 definition fix (#783)
* fixes w3c/webauthn#774
* fixing geolocation spec linking and references
by Adam Powers
https://github.com/w3c/webauthn/commit/5633790f52bce8ed8bad396e974547bcb11f53a3
* Revise §9.5. "Authenticator extension processing" (#776)
* Clarify that |extensions| in authenticator ops is a CBOR map
* Use [=map/for each=] for iteration over authenticator extensions
* Revise "§9.5. Authenticator extension processing" a bit
* Move <dfn>authenticator extension input</dfn> to §9.5.
* Revert "Move <dfn>authenticator extension input</dfn> to §9.5."
This reverts commit 1179e9aeaa3b9858ca25033b51ff186393738c34.
* Attempt to address @selfissued's review comments
* Align wording between first and second paragraphs in section 9.5
by Emil Lundberg
https://github.com/w3c/webauthn/commit/42cc9dce83105f983e28084acf35357466d1c89b
* Rename MakePublicKeyCredentialOptions to PublicKeyCredentialCreateOptions (#779)
* Rename MakePublicKeyCredentialOptions to PublicKeyCredentialCreateOptions
* Changed PublicKeyCredentialCreateOptions to PublicKeyCredentialCreationOptions
by Mike Jones
https://github.com/w3c/webauthn/commit/ca4cf0f63d2f7f5fd48cddc31b1cb3d1d7f7a58b
* Merge branch 'master' into master
by gmandyam
https://github.com/w3c/webauthn/commit/e71d1874d0c0ffa64644bacabecf661fc7992611
* renamed authenticator-model to sctn-authenticator-model in order to avoid bikeshed warning regarding multiple elements with same ID (#790)
by Rolf Lindemann
https://github.com/w3c/webauthn/commit/a92321efe4dea6077137295ea7d05be7c6efba14
* update masthead and acks (#788)
by =JeffH
https://github.com/w3c/webauthn/commit/1dc69b110f0851acebc16c5c3bf4f5f4b477ba91
* Tpm attestation fields clarification (#791)
* Tpm attestation fields clarifications
* added reference to the Standard Attestation Structure table as it is hard to understand the field names without...
* added reference for TPMS_CERTIFY_INFO
* NitBit: Incorporate comments from Alex, Mike
by Akshay Kumar
https://github.com/w3c/webauthn/commit/f41cf83849f1725d545e14f1bb84f5569954b548
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/12363a8d147fd231947a769fc260742a1ce5eba2
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/971b383194430ca07b2913edaf30bc7571b45a99
* Merge pull request #510 from gmandyam/master
Biometric Criteria Extension
by gmandyam
https://github.com/w3c/webauthn/commit/d563d8352590322b404ef76e53a4f1480174e904
* Merge pull request #670 from w3c/issue-668
Fix #668: Recommend RPs to verify UP and UV flags
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2bc4c05c517ef3491d387c2c59e8807000832c7c
* fix #792: use utf 8 decode directly (#793)
* use UTF-8 decode alg directly
* grammatical addition
* ditto
* add JSON explicit parsing step
* fixup inter-step references, thx emlun!
* apply same changes to #verifying-assertion
* ident |C| as being client data
by =JeffH
https://github.com/w3c/webauthn/commit/57ab456f93afbd13ac1cd179996760a89be3c84d
* Add instructions for passing unknown extensions to authenticators (#789)
* Add instructions for passing unknown extensions to authenticators
* Applied editorial suggestions by Adam Langley and Jeff Hodges
* Add note about possibly implementing pass through under a feature flag
by Mike Jones
https://github.com/w3c/webauthn/commit/4dbc3af9d0aebad6bf87448a15574c36600c322b
* fix RP reg op inter-step refs (#795)
by =JeffH
https://github.com/w3c/webauthn/commit/e3c1ad491caa682e76ae682b6336298c929095f5
* Switch |tokenBindingId| to a structure.
The existing string was not able to express the ternary nature of token
binding for a given connection. See referenced bug for discussion.
Fixes #798
by Adam Langley
https://github.com/w3c/webauthn/commit/a47fe1c4d53b123caa7abc76e9659b95dc1c1a16
* Address @emlun comments.
by Adam Langley
https://github.com/w3c/webauthn/commit/8b8e9ecb6c388e6a46c51a768464aa99477a5942
* Merge pull request #802 from agl/issue798
Switch |tokenBindingId| to a structure.
by Anthony Nadalin
https://github.com/w3c/webauthn/commit/05335d4484044dbca552f74ab52ff171ebb71b34
* Signature field clarification in attestation statement (#805)
* Sig Clarification
* Sig Clarification 2
* Clarify that ECDSA is ASN.1 DER format
* Exception for ECDSA for consistency
* Put Signature formats in its own section
* typo
* Incorporating comments
* Incorporating comments-2
* Incorporating comments-3
* Incorporating comments-4
* Json comma issue
* Incorporating comments - 6
by Akshay Kumar
https://github.com/w3c/webauthn/commit/3a3700a68a73bdab35679cb8a83fc43c68262f7a
* Fix feature detection. (#808)
The current feature detection code will throw a 'ReferenceError', as 'PublicKeyCredential'
doesn't exist. Adding 'window.' turns it into a property lookup, which fails gracefully.
by Mike West
https://github.com/w3c/webauthn/commit/adbda3ec2ba2cfce06f57a7da45b1fca5170fbbb
* Make IANA COSE Algorithms values TBD with requested assignments (#812)
by Mike Jones
https://github.com/w3c/webauthn/commit/39bc6cf1c21a8a1731334666ae77a5f3c367d9ec
* Remove clientExtensions and authenticatorExtensions from CollectedClientData (#811)
* Remove clientExtensions and authenticatorExtensions from CollectedClientData
* Add RP ops steps vaguely instructing to verify extension outputs
* Require that no options are present that were not requested
* Editorial correction: options -> extensions
by Mike Jones
https://github.com/w3c/webauthn/commit/bbfd0777362b39f042ea061355cbaa7ed0946b5d
* Plumb CTAP's authorized "already registered" error through to RP (#809)
* Align makeCredential already registered case with CTAP2
* Add notes and privacy concerns section about distinguishable makeCredential errors
* Address @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/195a8fb47ae321dd57c25dea50415f2e69c9003e
* Change from getClientExtensionResults function to clientExtensionResults attribute (#810)
* Change from getClientExtensionResults function to clientExtensionResults attribute
* Remove unnecessary internal slot [[clientExtensionsResults]]
* Make a very dense sentence slightly less dense
by Mike Jones
https://github.com/w3c/webauthn/commit/3ceed42963c22af0c3f0df1ecbae286318fce8ac
* Change uses of acme.com to example.com (#814)
by Mike Jones
https://github.com/w3c/webauthn/commit/c4a30ee7ea99de0cdfc38ceecac5649fc0806a1c
* Spelling and grammar corrections (#815)
* Spelling and grammar corrections
* Fix a few more a/an errors
* Apply <code>...</code> as suggested
by Mike Jones
https://github.com/w3c/webauthn/commit/5c3054f1f0e2a3eeb8a4f24b39032a5a239920b2
* Revert clientExtensionResults attribute back to getClientExtensionResults function (#816)
by Mike Jones
https://github.com/w3c/webauthn/commit/c18a1387026b51b3d33d19a12d49cd4e7f30deda
* Change Subject-C type from UTF8String to PrintableString (#819)
See RFC 5280 page 115: https://tools.ietf.org/html/rfc5280#page-115
by Emil Lundberg
https://github.com/w3c/webauthn/commit/567ae6de6f9e0632ffddb602904c153bd2cd5fb5
* UVI modification with CDDL
by gmandyam
https://github.com/w3c/webauthn/commit/241a56b30893a0d5997f7235315e76579bb3654b
* Updates for draft-hodges-webauthn-registries-01 (#824)
by Mike Jones
https://github.com/w3c/webauthn/commit/716a169d4f68508dfe28216789bf820222e48a7e
* Add list of benefits RP gains from the spec
by Emil Lundberg
https://github.com/w3c/webauthn/commit/828b5bebeccad517f2a7d79e55a65b67db21563c
* Add RP conformance section on ignoring attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/cb06c8af085f57585e84d4084d6d81fd61cbca9c
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/b75b4d23a946945d64bf96851c9c4a21769b27bc
* Move discussion of RP benefits to security considerations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e3ec29d34e09fb770724950a2115e51c8b15bfc4
* Add links to two previous working drafts (#834)
merging per @AngeloKai's request
* fix proper subset tweak
* resolve linking error for AttestationNotPrivateError
* resolve linking error: idl ref not found for [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)
* remove unnecessary commits
* accept jeff suggestion
* added links to two previous WDs
by Angelo Liao
https://github.com/w3c/webauthn/commit/9c60eedd5bf0eb4e77895498447e0c2c8ada4aa8
* Clarify the U2F Attestation format to have a single certificate
The [U2F Raw Message Format](https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#h3_registration-response-message-success) only allows for a single attestation certificate in U2F responses.
This PR reflects this in the U2F Attestation Format to reduce the chance of misunderstanding when implementing the server verification.
by Arnar Birgisson
https://github.com/w3c/webauthn/commit/4e19fe4099a5f7c0248c25fdf4b9e3ce7ba4a86d
* Remove vestigial reference to CollectedClientData/clientExtensions (#835)
Merging per decision on 14-Mar-18 call
by Mike Jones
https://github.com/w3c/webauthn/commit/f0a495b8a4845a2046962e3cfb75ee41d390b94d
* move Johan from contributors to acknowledgements (#839)
by Samuel Weiler
https://github.com/w3c/webauthn/commit/c53c1d1c77c23b9f25e9620a9de5572b789ff965
* fix linking errors, ref PublicKeyCredentialCreationOptions rather than MakePublicKeyCredentialOptions (#840)
merging on @AngeloKai's request.
by =JeffH
https://github.com/w3c/webauthn/commit/e155baef021b98dc2d3d4dfa90cf2855ae7da807
* Refer "man-in-the-middle attack" to RFC 4949
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ce8eadb662889222135f08d14a6f4498947dd887
* Note that self- and no-attestation is a "leap of faith" as defined by RFC 4949
by Emil Lundberg
https://github.com/w3c/webauthn/commit/da06b8f8718e653e720eef9c1a6fef9fa51bd6d0
* Add link to "attachment modality" reference
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1e3241503b08069d7eaa58733c86f6968be68f63
* Define Authentication Ceremony as alias of Authentication
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2c01f6f98eeedf4297d9fd1cdad2dadc0ad5b735
* Define Registration Ceremony as alias of Registration
by Emil Lundberg
https://github.com/w3c/webauthn/commit/77f814b0f45c246447863db3efd21423fb05c155
* Add authenticator taxonomy diagram
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f6b5bcc8cf51c6dd18e15173671a5ddc4919d74c
* WIP: Extract Authenticator Taxonomy section and define 1st/2nd factor authnr/cred
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2ea108580a3b5d8adbecf02b831bff0c38c3f0ac
* Define Authentication Factor
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b9917b28bad6a9743cc3f15d749bbe66efb60cb4
* WIP: Replace definitions with use case descriptions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2f980e7da765fac1071b388af06b0fd5fa81501a
* Link authentication factor terms to NIST SP 800-63r3
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ecc950c16c3f7316e7c26c5fba4c54193c379e01
* Fix #848: Weirdness in RP UP verification
§7.1. Registering a new credential currently reads (and §7.2. Verifying
an authentication assertion is analogous):
>10. If user verification is required for this registration, verify that
the User Verified bit of the `flags` in _authData_ is set.
>11. If user verification is not required for this registration, verify
that the User Present bit of the `flags` in _authData_ is set.
This results in the following truth table:
UV req. | UP req? | UV res. | UP res. | Accept?
------------+---------+---------+---------+--------
discouraged | Yes | 0 | 0 | No
discouraged | Yes | 0 | 1 | Yes
discouraged | Yes | 1 | 0 | No
discouraged | Yes | 1 | 1 | Yes
preferred | Yes | 0 | 0 | No
preferred | Yes | 0 | 1 | Yes
preferred | Yes | 1 | 0 | No
preferred | Yes | 1 | 1 | Yes
required | No | 0 | 0 | No
required | No | 0 | 1 | No
required | No | 1 | 0 | Yes
required | No | 1 | 1 | Yes
Note, for example, how UV `preferred` means that a response with `(UV=1,
UP=0)` should be rejected.
It makes more sense to let the UP requirement be defined by the UV
_response_ instead of the UV _requirement_:
UV req. | UV res. | UP req? | UP res. | Accept?
------------+---------+---------+---------+--------
discouraged | 0 | Yes | 0 | No
discouraged | 0 | Yes | 1 | Yes
discouraged | 1 | No | 0 | Yes
discouraged | 1 | No | 1 | Yes
preferred | 0 | Yes | 0 | No
preferred | 0 | Yes | 1 | Yes
preferred | 1 | No | 0 | Yes
preferred | 1 | No | 1 | Yes
required | 0 | Yes | 0 | No
required | 0 | Yes | 1 | No
required | 1 | No | 0 | Yes
required | 1 | No | 1 | Yes
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5b026ad5fcab52b853995a8ca8f4959bd9f9c0b7
* Add note about verifying U2F assertion signatures
by Emil Lundberg
https://github.com/w3c/webauthn/commit/632041ccf34edc39cdeb02a9ef71c8de135c2748
* draft-jones-webauthn-cose-algorithms
by Mike Jones
https://github.com/w3c/webauthn/commit/e49263b4bb903f301e13c740dadb01ba46214396
* Add non-ASCII RP display name example (#825)
* Add non-ASCII RP display name example
* Change Cyrillic RP name example as recommended by @herrjemand
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0e298804c5f43e42d9ff180165e5be9e4a27550b
* Explicitly recommend generating AAGUIDs randomly. (#826)
Fixes #452.
by Adam Langley
https://github.com/w3c/webauthn/commit/d2c3c3507ffd696c25d4b81bd1b3abea3e997729
* Add User Public Key as alias of Credential Public Key (#830)
* Add User Public Key as alias of Credential Public Key
* Mention user private key in credential private key definition prose
* Also reference FIDO UAF in mention of user private key
* Make the new note a Note:
by Emil Lundberg
https://github.com/w3c/webauthn/commit/61ee7ce351a6fb361bd0c5ad4487e8c7c8366f21
* add link to WD-webauthn-20180315 (WD-09) (#843)
by =JeffH
https://github.com/w3c/webauthn/commit/60000a46fc319418809f22e13a7088f61a1472e1
* Update PubStatus.md
by Samuel Weiler
https://github.com/w3c/webauthn/commit/c67338cade6ea797a36b8b97a8e82a82473e29ef
* Resolve issue #844: the abort() command is on AbortController, not the underlying signal.
by Ki-Eun Shin
https://github.com/w3c/webauthn/commit/eb49aada831ca2604926545fc84ef98c40f02a53
* fix-855-add-link-to-CR (#856)
by =JeffH
https://github.com/w3c/webauthn/commit/98ff314ae403b84863add51fd81768e23e8d726c
* Add missing description of PublicKeyCredentialDescriptor.transports
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e2c1243cee3a851df2c3556b94bf1ae559e4b073
* Fix reference to U2F user public key format
by Emil Lundberg
https://github.com/w3c/webauthn/commit/68d8cb8a673ed46f0d4fc5b11a97a528b44e76a3
* Improve U2F key reformatting instructions as suggested by @apowers
See https://github.com/w3c/webauthn/issues/857
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c137565f1d042c5a65606e36d543daf9d7642643
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/9beac26df7def6e8622d591934160cada1a12c12
* Always verify UP bit in RP ops
As pointed out by @akshayku, recent drafts of CTAP now support this.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a46247182ccbda508a619f27d4437649a30004a3
* Merge branch 'master' into master2
by JeffH
https://github.com/w3c/webauthn/commit/48389cc2ff4debae9f008c72191d95ef82eea9f9
* Add note about platform authnrs as roaming authnrs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fabf85e049906dc9b6e4fe1301be61ed57986627
* Remove some authenticator property labels from authnr taxonomy diagram
by Emil Lundberg
https://github.com/w3c/webauthn/commit/68825d1bf896ad4024ab19770da736dee232039e
* Emphasise that the CollectedClientData can be extended. (#827)
* Emphasise that the CollectedClientData can be extended.
There is a risk that RPs will implement overly simplistic parsing of the
CollectedClientData and end up intolerant of any future additions. This
change emphasises the need to parse it properly and will be coupled with
a behaviour in Chrome that inserts a key (`new_keys_may_be_added_here`)
in a random 20% of cases.
* Make the note a "Note:"
by Adam Langley
https://github.com/w3c/webauthn/commit/b84d9cb9dd1fb80ac000de0bf3e92e92338eb357
* Address review comments by @kieun (#832)
* Address review comments by @kieun
* Revert CTAP2 URL fragment change
See comment by @equalsJeffH at
https://github.com/w3c/webauthn/pull/832#discussion_r173599006
* <dfn> AppID in FIDO AppID Extension section heading
As suggested by @equalsJeffH at
https://github.com/w3c/webauthn/pull/832#discussion_r173599568
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6d5aa3e58d23a710b8756289c63bc00f69190baa
* Fix grammar
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f234d4abea7ac5b1d0fe5bc4128706c737b15f14
* Merge branch 'master' into master2
by JeffH
https://github.com/w3c/webauthn/commit/3bae3c068d201725a2456603de3346b9e5fc3680
* Obfuscate Safetynet nonce
Closes #868
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/7c94792da69919fb1e7bef88954a6831f660bcc8
* Revert "Obfuscate Safetynet nonce"
Accidentally commited to master -- OR -- just showing you all how to
undo a commit to master in case you accidentally make this mistake on
accident and not on purpose like me...
This reverts commit 7c94792da69919fb1e7bef88954a6831f660bcc8.
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/2a23a11ceb500b594324085338a0fea67b66dabf
* Merge branch 'master' into issue-848-rp-up-verification
by JeffH
https://github.com/w3c/webauthn/commit/2ae16c671edfbce5dc6ec020deae706a13d751c9
* Obfuscate Safetynet nonce (#869)
Closes #868
by Alexei Czeskis
https://github.com/w3c/webauthn/commit/f14f12499b7cc191453bc4c1d02b94ace0f1c320
* Merge pull request #821 from gmandyam/master2
UVI modification with CDDL
by gmandyam
https://github.com/w3c/webauthn/commit/263fe9357f6c335b4d491605dc67d0db3bc6c712
* Add recommendation of challenge length (#858)
LGTM, merging per 11-Apr-2018 concall.
* Add recommendation of minimum challenge length
* Add link to security consideration from makeCredential challenge parameter
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b9af923897efecaf2f85558748ee3fe3385fddd2
* Add mention of authenticator policy enforcement to RP benefits section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9ea86baaf8037a9eeb0571f3a177823a586ac7df
* Address most of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b698256904e058643a132a0cac25c2977953f7b
* Add note about None being the default attestation type
by Emil Lundberg
https://github.com/w3c/webauthn/commit/dac35abe7d6bf49250fd4ab6b1544851a515bcd7
* Fix |authData| -> |aData|
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2dabcf8ac7a5734504443148697c69c86697a799
* Address @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/425afcdab84fdd99867cbc6323b5b7668bec069f
* Clarify that authentication use case example requires pairing the phone first
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e36ee7c6959fd2623ff146fb1dbb77a909469e85
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/de7c61c75a6e4a13279ac8e77a0adb7e08643297
* Extract cross-spec ref for RFC8152 Secion 7
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0bc2eece80bfc942215e2de400f35c074b66c0c4
* Extract cross-spec ref for FIDO-U2F-Message-Formats Secion 4.3
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b05010da756d2deffd507044d289b33a1085d02e
* Extract section 6.1.2. FIDO U2F signature format compatibility
by Emil Lundberg
https://github.com/w3c/webauthn/commit/88bb9aec22147152535c012cf686d378ddb72a52
* Add example of new device enrollment via roaming authenticator
by Emil Lundberg
https://github.com/w3c/webauthn/commit/63c71d866143e17d6cc87fb3dc5962456a687499
* Fixed example with incorrect allowCredential. Improved existing examples
by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/9bd9dd890984481a8c09a0d46d0a06875ea36c29
* non- -> non-null (#890)
by =JeffH
https://github.com/w3c/webauthn/commit/c880ab937f69bc5cad48d3dd784068f760e959b8
* Address @equalsJeffH's review comment
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f4575a0a6001e4e58da692d91ca289c94a8cc109
* Merge pull request #881 from w3c/issue-874-clarify-use-case
Clarify that authentication use case example requires pairing the phone first
by Emil Lundberg
https://github.com/w3c/webauthn/commit/aabeeaf52debdad98bbedc8ff9efed4e96d37451
* Merge branch 'master' into issue-857-u2f-attestation-verification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3afbcf955b357e7f0e5208b0b01436ee36ae35fd
* Merge pull request #861 from w3c/issue-857-u2f-attestation-verification
Clarify U2F attestation verification instructions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/848659eb2d3c115ad22883eb2dd70c0413de9639
* Merge branch 'master' into issue-845-u2f-signature
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3940003f8e43e7c9c43889592d21f416a580a46
* Merge pull request #850 from w3c/issue-845-u2f-signature
Add note about verifying U2F assertion signatures
by Emil Lundberg
https://github.com/w3c/webauthn/commit/da1d21d5da190d8fc2ae3b880c31875675106b4e
* Merge pull request #849 from w3c/issue-848-rp-up-verification
Fix #848: Weirdness in RP UP verification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c22b1ac49d3cbb4ba1902272ae5470bc2292ea55
* Merge pull request #860 from w3c/issue-852-transports-description
Add missing description of PublicKeyCredentialDescriptor.transports
by Emil Lundberg
https://github.com/w3c/webauthn/commit/864bc4fe0fecc9529d5a35918d3549fb1446a6e7
* Address @equalsJeffH's review comments
See https://github.com/w3c/webauthn/pull/884#pullrequestreview-116428726
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc805203c29f4febf5e587568df56ffc304f83f1
* Merge two steps of new device enrollment use case
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1a11551f81ed4254382202f681371b84cdb237b8
* Merge branch 'master' into issue-151-credential-portability
by Emil Lundberg
https://github.com/w3c/webauthn/commit/797155e9063232cc73276c0f392dbb37aaae8c0a
* Merge branch 'master' into issue-576-rp-no-attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2fa1436aacd413290d0dec878eface01555f49f4
* Reference [[FIDO-Registry]] for raw EC public key format
See https://github.com/w3c/webauthn/issues/891
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8e004d001c950f5a155f5e4294d690cabe7186fa
* Use |authData| in both RP operations (#892)
* Replace |aData| and |adata| with |authData|
* Fix #875: cleanup: interstital blank line
by Emil Lundberg
https://github.com/w3c/webauthn/commit/96bc24a1ffcd71508e08f20e56c45a9a6994e637
* "with string-valued keys" => "whose keys are strings" (#880)
The wording "whose keys are strings" works.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4f584b82eb9f513efabc1fd317c651df8128d3f2
* Merge pull request #836 from arnar/patch-1
Clarify the U2F Attestation format to have a single certificate
by Adam Langley
https://github.com/w3c/webauthn/commit/92142acd0359d1d82fc7420b2704d011d560e1cc
* Fixed incorrect field size that makes all letters to overlap each other (#887)
Merging, per 2-May-18 call decision.
by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/b470728005ff9dc142722a39fc7d327813c1f2b4
* Merge pull request #893 from w3c/issue-891-ref-fido-registry
Reference [[FIDO-Registry]] for raw EC public key format
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b8e3f6429690a575a446a7242a567e22f42c4c2d
* draft-jones-webauthn-cose-algorithms-01 (#895)
Tracks initial IANA COSE Algorithm registrations that have been made
by Mike Jones
https://github.com/w3c/webauthn/commit/7451b28a2464c6b4a6c4d2b01163b81227f2f578
* Replace [[FIDOReg]] with [[FIDO-Registry]]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/80e6df67a0fe4624a83d3b68e1aeb8f8312b7e45
* Add section headings to [[FIDO-Registry]] references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/164bce178a1bbae02cd121917efaaa833dd48ebe
* Track initial COSE algorithm registrations made for WebAuthn (#896)
by Mike Jones
https://github.com/w3c/webauthn/commit/b3aa419a452cf73110885874e7c7550aaa128799
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/75f348ee38dc8f4311d8e0aab191934a43d69a7e
* Relax "highly resistant" to just "resistant"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/333f22d85cf3448e2b54170fb404bc416daf85d7
* Merge branch 'master' into issue-576-rp-no-attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f80ea1a311a9ad55a08f12b6e22e64d741abe237
* Document prevention of attacks on privacy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/10e12d0bfffa8d5cf6980425e90766d66050ff0d
* Reference §14.4 in §14.2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6a83ec06d619aedee05d1f9892f453689b6fcb1b
* Merge pull request #829 from emlun/issue-576-rp-no-attestation
Add RP conformance section on ignoring attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/18501cdb9433bd11f484064e96ce9a462c44bc50
* Merge pull request #897 from w3c/issue-894-new-fido-registry
Replace [[FIDOReg]] with [[FIDO-Registry]]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1c3dd46e4952b15892a6ebfc4387c8e8369c35f0
* Fix issue with |savedCredentialId| scope
This fixes one of the inline issues in the spec.
Since the value of the |savedCredentialId| variable depends on the
credentials contained in each |authenticator|, a single global
|savedCredentialId| variable is not sufficient. Therefore a map of
|authenticator|s to |savedCredentialId|s is used instead.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/33cdaf1da2f0384266cc852f8fe8c3db49be7722
* Reformulate "lifetime of |lifetimeTimer|" as "until |lifetimeTimer| expires"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e124cd769b561a8938fbed8e9964b3d0e20a2d7e
* Merge "for each authenticator" algorithm step into "while timer not expired" step
This merges the previous step 19 of makeCredential in as a switch case
of step 20, and the previous step 18 of getAssertion in as a switch case
of step 19. This way there is only one step in each algorithm that tries
to express things to do asynchronously for the duration of the timer.
The inline `Issue:`s mentioning underspecified behaviour are replaced
with descriptions of an abstract "set of presently available
authenticators" and `Note:`s indicating that this is intentionally
underspecified and meant to represent different connection and discovery
mechanisms all in one.
This also swaps the order of the previous steps 17 ("Start
|lifetimeTimer|.") and 18 ("Let |issuedRequests| be a new ordered set")
of makeCredential, for consistency with getAssertion and so that the
step "Start |lifetimeTimer|." immediately precedes the step "While
|lifetimeTimer| has not expired [...]".
by Emil Lundberg
https://github.com/w3c/webauthn/commit/56fd4467d5ff256fb391423bb35740dbce041853
* Fix issue #405
See https://github.com/w3c/webauthn/issues/405
by Emil Lundberg
https://github.com/w3c/webauthn/commit/26275b79c01f314515dcd63adef4e39ae56b39e8
* Fix dfn block formatting for AuthenticatorTransport as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/69cdf7b4e56ed5cd0f48400439840fcf7ac797ca
* Fix dfn block formatting for UserVerificationRequirement as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c10427c837b62b3e5765d5cdbc53038326c67d
* Fix dfn block formatting for AuthenticatorAttachment as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b49fd2717a9e22abdff25bc646047b2cda2043e2
* Fix dfn block formatting for TokenBinding and TokenBindingStatus
by Emil Lundberg
https://github.com/w3c/webauthn/commit/321a9db0b4cc433e8ea882d568844b3f81158b44
* Properly reference {{TokenBinding/id}} from {{TokenBinding/status}}
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4d6991ba326af7ab706be7a7d5fd63215ea1a95e
* Add an “internal” AuthenticatorTransport.
The motivating example is a built-in fingerprint reader. It might be
connected via an I²C bus or the like, but the current
AuthenticatorTransport enumeration cannot express anything like that.
This change adds a catch-all for these internal transports because, from
the point of view of the client, they're all the same: there's nothing
for the user to do if they're not there so no point prompting them.
It also clarifies that the “usb” type means a removable USB device. Some
built-in hardware (esp in laptops) is connected via an internal USB bus,
but a user would not know that and would not want to be prompted like it
was a removable device in that case.
by Adam Langley
https://github.com/w3c/webauthn/commit/6e4480e49b3de9ebb435bdcc30b8b22a4083f784
* Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable.
As discussed on the issue, implementations appear to be converging on
implementing this call without prompting the user and returning
immediately. The wording in this section is loose enough that
implementations that wish to continue using a timeout can find enough
slack to do so, but this change removes the firm suggestion to do so.
Also, align the spacing of “Promise<T>” to match the style used
elsewhere in the W3C specs.
Fixes #575
by Adam Langley
https://github.com/w3c/webauthn/commit/f55c4c3a38ef18349b1feb91f8763875c39758d5
* Add two abort paths for getting an assertion.
This change handles cases (1) and (3) of issue #905. Specifically it
augments the process for getting an assertion to allow a client to abort
based on (optional) UI, and to abort (after user notification) when it
becomes aware that the process cannot be satisfied.
Updates #905
by Adam Langley
https://github.com/w3c/webauthn/commit/ed3abec313375cb38a11e964be917306c95308d8
* Add @agl's commas
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc6dcf0ae53dc6dcfec16cda20ce6e3549540eff
* Emphasize that already-available authenticators also "become available"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e5696ed6bee6f13d9eb1b2062ab1cce6d2298df7
* Remove (probably) outdated inline issue 2:
ISSUE 2 @balfanz wishes to add to the "direct" case: If the
authenticator violates the privacy requirements of the attestation type
it is using, the client SHOULD terminate this algorithm with an
"AttestationNotPrivateError".
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2582344c70504541b0248aa91d078c18a1118709
* Unnecessary to specify extension validity
by Kim Paulhamus
https://github.com/w3c/webauthn/commit/045e92e40b00dd917ea970b59f3466e4cbf30ede
* Fix urlPrefix of FIDO-APPID anchors to agree with FIDO-APPID in biblio
by Emil Lundberg
https://github.com/w3c/webauthn/commit/73ec34024dfe5e50580ce1e9338184802676e67f
* Update FIDO references to newer versions of the documents
by Emil Lundberg
https://github.com/w3c/webauthn/commit/836b12623cf30066b98455059a63c10bf9a1dd6e
* Merge pull request #903 from agl/internal-transport
Add an “internal” AuthenticatorTransport.
by Adam Langley
https://github.com/w3c/webauthn/commit/3c5e383f0f5642e9d5815d97480e7d1b198356fe
* Emphasize credentialId randomness in example
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b79038beadb2bff11afd3194c133182633acc39b
* Merge branch 'master' into patch-2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/557ac578faf052d48893d7c23650a06d42fa0fcf
* Eliminate the “not-supported” option for tokenBinding.status
The tokenBinding member is optional so this created two different ways
to encode that tokenBinding wasn't supported: omitting tokenBinding
completely and including it with status = “not-supported”. This change
eliminates the second option.
This matches Firefox's current behaviour and Chrome will align.
Fixes #907.
by Adam Langley
https://github.com/w3c/webauthn/commit/df81b61d660079345c1e40afc2762ea812db96f0
* Update more FIDO references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a43d1792ffaa7b7b6c9c92e1d4479c35d24afe1a
* Merge branch 'master' into issue-405-dfn-blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4fc53d8f765b745b74e8c978b174d7e9b4285048
* Fix run-on sentences in example comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a86910e927ba25510e3ce702374285516639ef01
* Specify the meaning of omitting tokenBinding.
by Adam Langley
https://github.com/w3c/webauthn/commit/31aed6629c957829466415ad62d93e2210524e3f
* Address Mike's comment.
by Adam Langley
https://github.com/w3c/webauthn/commit/0244f7c90cd88b37d7e7141cd3b862dc81b63387
* Address @selfissued's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0b3e939f9142a1b7c8d1edb9d9c0e354cfbc9866
* Remove confirmation prompt from isUserVerifyingPlatformAuthenticatorAvailable()
See:
- https://github.com/w3c/webauthn/issues/575#issuecomment-386059592
- https://github.com/w3c/webauthn/issues/575#issuecomment-386650507
- https://github.com/w3c/webauthn/issues/575#issuecomment-393134099
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ad22fce9fbe6685490dd767bb52445e600c9af88
* Use consistent formatting for "true" in prose
by Emil Lundberg
https://github.com/w3c/webauthn/commit/59acf19709bb64ab89b59fa37d91f8eda3bdc80d
* Use consistent formatting for "false" in prose
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a067ae4239c43b1467daad5288494accf13456ab
* Fix uses of "Boolean" in prose text
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d368b688e3c62d9ea811f0d871bcc61fddb25769
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/5e08a1d71eaab8703e9ee6ddd5ca59eb3607bf8e
* Merge pull request #924 from gmandyam/master
Modify Location Extension description
by gmandyam
https://github.com/w3c/webauthn/commit/bcd08c6641e8ff3bb43b5ba8c23b0df81c602027
* Merge pull request #922 from w3c/issue-921-boolean-formatting
Fix formatting of Boolean values and type name
by Emil Lundberg
https://github.com/w3c/webauthn/commit/454985fd9477b1c4241cf8f8333ef34054279f22
* Merge branch 'master' into issue-898-update-fido-refs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f9b5981a3ec09c2842df8f2c5e9f9431cac9dd4f
* Merge pull request #913 from w3c/issue-898-update-fido-refs
Update FIDO references to newer documents
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2c6faa8cad963a9dd2eacbb19022cdee4001a745
* Remove other unnecessary statements
by Kim Paulhamus
https://github.com/w3c/webauthn/commit/8e7635112e375f2a5f862d34da188670ae829357
* Merge branch 'master' into issue-405-dfn-blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d2505b4c949ae5978ff29e3a1412e9532a5e6640
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/25527753261d554425a4daac7302744e1ff6b5c6
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2fae2ed1f083232561134a6afa90f851c76e528
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c8f110d9765a2a9aeee2d68bcf7e1e9fd31f3ba8
* Create draft-jones-webauthn-secp256k1 to register secp256k1 curve and algorithm identifiers (#918)
Posted as https://tools.ietf.org/html/draft-jones-webauthn-secp256k1-00
by Mike Jones
https://github.com/w3c/webauthn/commit/c24321f2eb778e880de14b463c5887915e758a95
* Merge pull request #908 from w3c/issue-454-inline-issue-2
Remove (probably) outdated inline issue 2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c0757acd9f630774ce3d5ecf8d8e0fe93c6ab0
* Merge pull request #901 from w3c/issue-405-dfn-blocks
Adopt definition list markdown notation for dfn blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0f5b3a806a9f8e2ff02207fd673e130db2bb0db2
* Merge pull request #910 from kpaulh/trim-extensions
Trim unnecessary step from appId extension
by kpaulh
https://github.com/w3c/webauthn/commit/b455562d9c50af7fca0c753779d80f2c95784447
* Merge pull request #888 from herrjemand/patch-2
Fixed example with incorrect allowCredential. Improved existing examples
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3b706b2b1a47ce53de8ebfa74fd88d486143fee
* Merge pull request #900 from w3c/issue-613-hot-plugging-finish
Finish up hot-plugging algorithm language
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b0ca15fa82e531dadaba9fc49c8c7abf141ef4d5
* Merge branch 'master' into issue907
by Adam Langley
https://github.com/w3c/webauthn/commit/0db8a61125c6dbb88474207123e34e1742f666cc
* Merge branch 'master' into issue905
by Adam Langley
https://github.com/w3c/webauthn/commit/0ce104939eacc3928dd1c35e10b48f55f2545a81
* Merge pull request #1 from w3c/issue575-remove-consent-prompt
Remove confirmation prompt from isUVPAA
by Adam Langley
https://github.com/w3c/webauthn/commit/82b6b3732eee66d37672454ea59fb93eb608bc6b
* Merge branch 'master' into issue575
by Adam Langley
https://github.com/w3c/webauthn/commit/06db112d81e09878257e54e7febaabe16f4a89e6
* Address some of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/990b892c9f8f15f6403a1665d48c5748e9bc38f5
* Reword definitions of |authenticators|
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b6b7e1ded0f64806da8a739f4879bc5edfc7c6f
* Change “optional” to “OPTIONAL”.
by Adam Langley
https://github.com/w3c/webauthn/commit/802ddec2c7b0bdcbe01bdd2b89715bd4043f5cd9
* Merge pull request #940 from w3c/pr-900-post-merge-review
PR #900 post-merge review changes
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5cc9a6ac8cd9485ea3c23b40e9d230c11cfdaaaa
* Add experimental Travis build with no Bikeshed cache
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e59a95de705e6c2d1d8db077ab2943892ad1deb9
* Don't wait for experimental job before reporting build status
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2a2e9a3ea380484b06be0899cdfa7aa9c4ce63cf
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ef272adc664bda8f00d370969d1d9e860cade171
* Fix variable style
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2f8ea53cc2dc667855687b8e2ac2e3f49596c3ee
* Per Credential Signature Counters (#935)
* PerCredentialSignatureCounters
* shouldSHOULD
by Akshay Kumar
https://github.com/w3c/webauthn/commit/f0acd1ade1ad27bccf52e85435ae7256f275d05d
* improve #936: existing linking lint (#944)
merging this editorial fixup PR...
* remove some dfn tags from section headers, improves issue #936
* tag occurances of 'verification procedure' improves issue #936
* un-dfn DAA improves #936
* un-dfn non-attstn fmt, improves #936
* Review of PR #944 (#945)
* Replace old <dfn>s with links
* Eliminate <dfn> for "No attestation statement"
Since its text never appears again in the document, change the one link
to it to point to <dfn>None</dfn> instead.
* Add link to "none" attestation statement format from None attestation type
by =JeffH
https://github.com/w3c/webauthn/commit/204da2313c68f13b1baef9442733491c94fe58b2
* Merge branch 'master' into issue-151-credential-portability
by JeffH
https://github.com/w3c/webauthn/commit/2b6a12dbc0ee482e05ebc72ac86982563a2b2e10
* Address most of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/54f8a98f849fc00672d834936e89727acef30782
* Address some review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f97fb77e80ee38f1ab8bb71463c7342e357435c4
* Update web-platform-tests URLs (#947)
by Philip Jägenstedt
https://github.com/w3c/webauthn/commit/b7ac1867e94d6adb2c0a582f34bf21e42e8daaf4
* Add Dockerfile with Bikeshed installed (#942)
* Add Dockerfile with bikeshed
* Remove unnecessary symbolic link from bikeshed Dockerfile
* Add --no-cache to docker build instructions
* Add descriptions to docker run instructions
* Simplify Dockerfile build instructions
* Add "$BROWSER index.html" step to Dockerfile one-shot usage instructions
* Mention Docker image in root README
* Point out that Docker image requires Docker installed
* Point out that docker run must be run before docker start
* Add rebuild instructions to docker image readme
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c143aa0c98a4b2eb66c8990e84b20bf14959001f
* Merge pull request #946 from w3c/travis-experimental-bikeshed-job
Add experimental Travis build with no Bikeshed cache
by Emil Lundberg
https://github.com/w3c/webauthn/commit/99c552c7998b9b80a2be2a185fee1c7ac50868f5
* Replace <pre class="idl">s with <xmp>s (#949)
This fixes #943.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/76f25149b970227fbe4960f379071962392a45c1
* Change "human being" to "natural person" and link to Wikipedia
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a510bbfaabec0b6c6e433cae6bae515fbe829137
* Change "enrolled" to "configured"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b609a2953d8db82b61aaa095d3062c4c0a78d7be
* fix issue #932 clarify rpIdHash generation, minor editorial linking (#934)
Merging, per @nadalin 's request.
by =JeffH
https://github.com/w3c/webauthn/commit/1d8c9d20015c1d0d373f191e33eb1a9beeb4bb62
* Address the rest of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b78943880492bb4d57e774af02906d16fad06305
* Add @equalsJeffH's rewording
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b136ba2d483c6e5a7905b1ca8a3d9714a9dd5cef
* Note that the icon URL may be a data: URL (#937)
Updates #930.
by Adam Langley
https://github.com/w3c/webauthn/commit/cdbd4ca6eb3be6a9daf4d0ed76bcf57a62c8f7a4
* Merge pull request #884 from w3c/issue-151-credential-portability
Add example of new device enrollment via roaming authenticator
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4fd5dd5d5c642ba3756edb3eece3aa1bdd992be5
* Merge branch 'master' into authenticator-taxonomy
by JeffH
https://github.com/w3c/webauthn/commit/4fcb56650e0556375d218fb05a0a54416954872f
* Clarify difference between |x5c| and |aikCert| in TPM attstmt verification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fd73fa51b2f996ac58ab0ffddcb670ef3025088a
* Clarify difference between |x5c| and |attestnCert| in Packed attstmt verification
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b7f7fb47ff082baf5977cbc60af2d1748b86860a
* Merge remote-tracking branch 'origin/master' into issue907
by Adam Langley
https://github.com/w3c/webauthn/commit/7ef6a96e22c8e1b4a3773e0ac87e1a6174109257
* Merge remote-tracking branch 'origin/master' into issue575
by Adam Langley
https://github.com/w3c/webauthn/commit/1678bbc8e6a6c63f06af909aad451fec8897d52b
* Merge pull request #914 from agl/issue907
Eliminate the “not-supported” option for tokenBinding.status
by Adam Langley
https://github.com/w3c/webauthn/commit/a68f1a9256a7d73a71e68cec7d45f280dc46f033
* Merge pull request #904 from agl/issue575
Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable
by Adam Langley
https://github.com/w3c/webauthn/commit/2d669ded704e8adffd6e1fe981bd46bbb40650ab
* Use [WAC] text macro in Client definition
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2b40dbf7c77a745e7a5124f8e11eb912b16837d
* Introduce WebAuthn Client Device term
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2ef1db886a87173d8d6a44d5cfe46b0d665eea11
* Link Rate limiting
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fc385a05d4b7294bd1468627bfe342d63f0ab352
* Mention rate limiting in UV definition
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a6ab65d01d9fb6305229e1821c338bd573c3f6d4
* Merge remote-tracking branch 'origin/master' into issue905
by Adam Langley
https://github.com/w3c/webauthn/commit/616332b3aad865a5088a1850e5842123429d8c25
* Address review comment
See https://github.com/w3c/webauthn/pull/842#discussion_r195565487
by Emil Lundberg
https://github.com/w3c/webauthn/commit/946007b7675f90bf0ffa9be048f6dfc9d02a76a5
* Address review comments
by Adam Langley
https://github.com/w3c/webauthn/commit/1e44ebdd302fc1908d5c98398a217df14b75c417
* Resolve inline issue 2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5c04f8b795c6f669ffd839ebf83752ce43314e17
* Address review comment
See https://github.com/w3c/webauthn/pull/842#discussion_r195582774
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5945017a25332720f232eb2cfc83f104df1768a9
* Tone back trust assumption in authn ceremony structures section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b5810be37daaea39e7951cc0db9d6e0089fa1344
* Merge pull request #958 from emlun/pr-842-addon-attachment-modality-wordsmithing
Address review comment
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1efa1aca80ae37db3901435a19e413a574bebc91
* Merge pull request #957 from w3c/pr-842-addon-client-device
Introduce WebAuthn Client Device term
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c45853c221a8273ead7510c3c74302a9635ee224
* Merge pull request #959 from emlun/pr-842-addon-mention-rate-limiting
Mention rate limiting in UV definition
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c54ce0aa32eb7ddef65e0f841368a289a7fb136f
* Delete hardline statement about trust requirement for UV
See discussion in
https://github.com/w3c/webauthn/pull/899#discussion_r195171633
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1e0471f6ca63ec4d20b2bbca107b0bc08ec91a4b
* Revert "Change "human being" to "natural person" and link to Wikipedia"
This reverts commit a510bbfaabec0b6c6e433cae6bae515fbe829137.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/48d6579f37e1ad5eb9ada299255c62a1151ce680
* Specify extension types in listing instead of prose (#941)
* Specify extension type in listing instead of prose
* Change listing heading from "Extension type" to "Operation applicability"
* Always capitalize Authentication in this context
by Emil Lundberg
https://github.com/w3c/webauthn/commit/10b27b671d42b437f0ce1bc3050f43f85a28d1db
* Merge pull request #899 from w3c/issue-743-de-anon-priv-cons
Document prevention of attacks on privacy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b5246585fe1703cf13775275dba575126edb99a
* Merge pull request #952 from w3c/issue-950-tpm-verification-clarity
Improve clarity of |x5c| in packed and tpm attstmt verification procedures
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b4e3fcc9b35584bc45fd83460c593620d25ae380
* Incorporate @equalsJeffH's suggested wording
by Emil Lundberg
https://github.com/w3c/webauthn/commit/40896e5920bf7d8ffcc7ce53475819795c0a009a
* Use [=client device=] term in Attachment Modality section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3f3ace91c92e230ceab545bd7f3bdade264fb485
* Re-introduce missing definitions of [cross-]platform attachment
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d26ecf4ac70da2ef8266b3279e66e3db6baff04d
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3766649f894ef76d3a17ddc0def7220a7d2fb010
* Fix reference to undefined [=transport=]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f937d21beedfafc2f69318d60a79b22e574bd31c
* revise RP ID definition and Note (#970)
by =JeffH
https://github.com/w3c/webauthn/commit/e243c2c7e4958d1e9cf65bf7c9c7e1a9adcc30dc
* Merging, per 27-Jun-18 working group call decision
by Mike Jones
https://github.com/w3c/webauthn/commit/a188cb7e1b13990b060994e6c63b5f86979b962c
* ignored extn does not return a value (#967)
* ignored extn does not return a value
* move ignored extensions admonition, thx emlun!
by =JeffH
https://github.com/w3c/webauthn/commit/a583650f1e98abe83446fcf59d8ae8961be6784e
* Merge pull request #960 from emlun/pr-956-addon-uv-trust
Tone back trust assumption in authn ceremony structures section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/93913dc39c35f2286cd9cf47f50a067e7ce9a8ef
* Remove draft of use case descriptions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/265fd3d1bc3dbf192cfc3fd7269e9f85606a1de2
* Add Issue: pointing out that Authenticator Taxonomy section is not complete
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0366f515be6c3d79c88cc6e95ee43cdb608e5e65
* Revert "Add Issue: pointing out that Authenticator Taxonomy section is not complete"
This reverts commit 0366f515be6c3d79c88cc6e95ee43cdb608e5e65.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/699c58e95414e80abccf43395e191db79fc2ba53
* Revert "Remove draft of use case descriptions"
This reverts commit 265fd3d1bc3dbf192cfc3fd7269e9f85606a1de2.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fe79b320c879ef7acd51e03b726172875e8adcf1
* Remove now unused image file
by Emil Lundberg
https://github.com/w3c/webauthn/commit/46d1fd96ade2e7af5c0f2033a1187f35a7d6e176
* Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases
by Emil Lundberg
https://github.com/w3c/webauthn/commit/19964e8dc2fb14594ff5703845c9125075abdc49
* Revert "Remove now unused image file"
This reverts commit 46d1fd96ade2e7af5c0f2033a1187f35a7d6e176.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b5335e92b8d0988cadc187373ab2b297a46f7380
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bb8b4ec26494c0eaac072b7210400546825957e1
* Un-rewrap lines
This should make @selfissued happy. :)
by Emil Lundberg
https://github.com/w3c/webauthn/commit/57c2b8f03f44c8febd8d50bd49a80bb935306058
* Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases
by Emil Lundberg
https://github.com/w3c/webauthn/commit/21017aea87c177438a3bad20d984b5175e7e695e
* Rewrite Authenticator taxonomy section introduction
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2abe4c3fafa0a9e1eff698748ca702cc978d52b7
* Add user verifying authenticator types
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e8329f4adb9e70e6c9dcd54609dc77d58f4eefc0
* Add Storage modality section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/95d9a069bb70e3f4e1d4d8a76b64aba37805145a
* Use storage modality term in Authenticator taxonomy section introduction
by Emil Lundberg
https://github.com/w3c/webauthn/commit/fc963ce26eaf572aba9476bc97bd512b69d1d25c
* Reference storage modality term in Client-side-resident Credential Private Key definition
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6a559d8d0ec1a5b994fbdcf1350dd4dea73930be
* Add Authentication factor capability section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/10c22a49d876e30bae9b18b91dd911c7c5ab5800
* Add adjective form of local storage modality
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d7ee1e590bc19d7818bf4d71d8ad03cd2db0f61b
* Delete Authentication ceremony structures section
I plan to rewrite this later.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c6a92a7dde05f3981926db33389a00ba9ff6ecb0
* Address @selfissued's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8babb62c94a577ae61b85693623a392ca0ff89c7
* Remove old references to deleted use case descriptions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/62d97b106ffe3bc1fe6bd8a4ad34625e5c6f32e8
* fix #180: do not totally lose the term "WebAuthn Relying Party" (#974)
* add dfn of webauthn RP
* use webauthn rp term at section beginnings
* fine tuning
* corrections
* more corrections
by =JeffH
https://github.com/w3c/webauthn/commit/4a2dd437f11fd5802560c64e3615bc6635e0f8ae
* add domain-only rationale in two places (#975)
by =JeffH
https://github.com/w3c/webauthn/commit/6a6bf465c54a8ad4737c8064587b668a38a679cc
* fix #866: clarify sentence wrt challenges (#977)
* fix 866
* add link to CollectedClientData/challenge, thx emlun!
by =JeffH
https://github.com/w3c/webauthn/commit/a96110e1d087a09dada43ceb7fe5a6dc75e004d3
* Merge branch 'master' into authenticator-taxonomy
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bb2f65a33da5a8c449b833431fa8edfe16d1b879
* Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7fd2e85ac0f23dc6b08d7e5d1e79f4be78dc3fb5
* Add link to [=public key credential=]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c95c91d66605dbd3add21f6d328d071f83cac8d2
* Fully qualify modality terms
by Emil Lundberg
https://github.com/w3c/webauthn/commit/96ba753fff88e759cccef20cc8547e9356fb2670
* Remove blank line
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6aebb64750e7a82abef9a2a706e30c6edb46c60d
* Fix up definition of local credential storage modality
by Emil Lundberg
https://github.com/w3c/webauthn/commit/092c4b25202d9051cf57521cfd85ecf4747a5053
* Use [=local storage capable=] instead of with...modality
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2ac68bcac99e89729a0967c730d1347cf8bfb7d
* Combine two paragraphs about authentication factor classes
by Emil Lundberg
https://github.com/w3c/webauthn/commit/dfa78e50f2036e0f1e80bd99187e421f8fbec00b
* Use [=client-side-resident credential private keys=] in definition of local storage modality
by Emil Lundberg
https://github.com/w3c/webauthn/commit/dbd2c84304a5564c523ae67bee9cf30cdde95e8f
* Add (i.e., wrapping/unwrap)
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f26c2712f3d881c8e327c6bb9818ee025645ab6d
* Replace Client-side-resident Credential Private Key term with Cli-si-rePubKeyCredSource
by Emil Lundberg
https://github.com/w3c/webauthn/commit/010874f372959052c8283b8140ae3b2f317bf330
* Address review comments
See https://github.com/w3c/webauthn/pull/956#pullrequestreview-136032383
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d95918495ceffe6044c70adf8b672f81d24bdf4a
* Add table numbers and captions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d45d8f8db475ff9b1d5a9f3c616d03921cf2f4fc
* Disambiguate appid extension output behaviour
As discussed in issue #982: https://github.com/w3c/webauthn/issues/982
by Emil Lundberg
https://github.com/w3c/webauthn/commit/905de00925b03fea9f9065f2cc47aa2a7098c5f3
* Merge pull request #956 from w3c/authenticator-taxonomy
Authenticator taxonomy: Attachment modality (replaces #842)
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2154486d6af399c3bcbd62a30962138ba94e9bf6
* fix #493: be explicit about "same user" is verified at get() time as was verified at create() time (#976)
* add anchor to authnrMakeCred user consent step
* add user-must-be-same adminition to authnrGetAssn
* update comment wrt tagged step
* make it a Note
* spelling
by =JeffH
https://github.com/w3c/webauthn/commit/fe09a70a41372690257fa3730a6dc858ed4f1015
* fix 864: Note regarding CTAP2 integer keys vs webauthn string keys (#986)
* fix 864: added Note
* polish
* 'client' rather than 'client platform'
by =JeffH
https://github.com/w3c/webauthn/commit/7709911ace404df7f6d01151cdef1013f7095e11
* Add recommendation of scoping platform credentials to OS accounts (#989)
* Add recommendation of scoping platform credentials to OS accounts
Note: [=client device=] is currently undefined; it will be added by
commit 2ef1db88 in PR #956.
https://github.com/w3c/webauthn/pull/956
* Expand OS acronym in section title
by Emil Lundberg
https://github.com/w3c/webauthn/commit/321e805b763bc86ff996403da6bfd13fade00125
* fix 364 timeout reasonable range (#971)
by =JeffH
https://github.com/w3c/webauthn/commit/9033fc6fccd602c3705a43927e11b53e55b45def
* Merge pull request #995 from w3c/issue-982-disambiguate-appid-output
Disambiguate appid extension output behaviour
by Emil Lundberg
https://github.com/w3c/webauthn/commit/005ec66866c2f3329f6c780a9351df275a2b9d8a
* Merge pull request #979 from w3c/authenticator-taxonomy-use-cases
Authenticator taxonomy: Authenticator types
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ca80875c6dc6b6f0eb3f4a02f39774df652ddb09
* Merge branch 'master' into issue-990-table-captions
by JeffH
https://github.com/w3c/webauthn/commit/7c6317fc10723591abe2ba45c2457d9ddbb6f10a
* Merge pull request #993 from w3c/resident-key-terminology-2
Replace resident key terminology as proposed in #905
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7e5256f6f564fa99f68e45123402143450e17d5f
* Add caption and number to authenticator types table
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc15894311be72aca26582e3d9a00877399fc59a
* Replace local/remote storage terms with client/server side
by Emil Lundberg
https://github.com/w3c/webauthn/commit/862f425556dc933e24f6e6a4005d095a4a0772d5
* Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values (#951)
given https://github.com/w3c/webauthn/pull/951#issuecomment-404278183 where we decided on the 11-Jul webauthn call to go ahead and merge this PR as-is, and @stpeter's nominal ok of the presentation warning https://github.com/w3c/webauthn/pull/951#issuecomment-404297635, I'm merging this. if anyone feels there are problems with it, please submit specific new issues.
* employ PRECIS RFC8264 et al for 'name'-ish domstring values
* address emlun's review comment
* remove reference to 'preparation', 'enforcement' includes it
* re-do section references per selfissued
* client-side normativity to SHOULD
* add presentation admonition wrt name-ish strings
by =JeffH
https://github.com/w3c/webauthn/commit/f864d09715352ba30390664aa42518f4defbdce3
* Merge branch 'master' into issue905
by Adam Langley
https://github.com/w3c/webauthn/commit/eddf8ff358a1230ea77d923a43de1a0d6cf4ba6f
* Merge pull request #906 from agl/issue905
Add two abort paths for getting an assertion
by Adam Langley
https://github.com/w3c/webauthn/commit/bf4dbab0541a445b79bcf20f38ccd66cbba1ee5c
* Merge pull request #994 from w3c/issue-990-table-captions
Add table numbers and captions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/faee219e5bc1b9ceb8c83ccdb316d259c4beea86
* fix 933: authnr does not enforce RP ID being eTLD+1 of RP's origin (#999)
* remove inapprop phrase and link some terms
* link assertion term
by =JeffH
https://github.com/w3c/webauthn/commit/a0d84c1f4c470251453fef8e4171b8511762766b
* Merge branch 'master' into replace-local-remote-terms
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6f4fbe67fa97e41b8dab9afee80ed9dc6694af5b
* Merge pull request #997 from w3c/replace-local-remote-terms
Replace local/remote storage terms with client/server side
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8d6b9ac209154be39fa6e08bb8e80fcaf712f9f2
* Make transaction authorization extensions authentication exts only
by Emil Lundberg
https://github.com/w3c/webauthn/commit/911864c6d7abd420a1517a63ee649d1cd42e88d5
* Merge pull request #1002 from w3c/issue-621-tx-extension
Make transaction authorization extensions authentication exts only
by Emil Lundberg
https://github.com/w3c/webauthn/commit/741cef6e2ce342e700b03662f688ef2e33e87518
* Precisize "platform" and "device" terminology (#998)
* Add term Client Platform
* Eliminate imprecise uses of "platform"
* Correct and qualify uses of "device"
* Colocate <dfn> of Client with WebAuthn Client
* Address some review comments
See https://github.com/w3c/webauthn/pull/998#pullrequestreview-137137983
* Fix spelling mistake
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b0eb719f2061d6d1d7c74a36778843bce1dedeb
* Clarify behaviour for authnrs not implementing signature counter
See issue #1008
https://github.com/w3c/webauthn/issues/1008
by Emil Lundberg
https://github.com/w3c/webauthn/commit/62cdb513f6d22428213f829aea67aa132bbb12eb
* Merge pull request #1009 from w3c/issue-1008-clarify-no-signature-counter
Clarify behaviour for authnrs not implementing signature counter
by Emil Lundberg
https://github.com/w3c/webauthn/commit/7159c08b280b82a9a8d00d35212470cf4e53cb91
* fix 985 add abort path to createCredential alg (#1005)
by =JeffH
https://github.com/w3c/webauthn/commit/4580bd7240a72d75642725ee62d3c3e6932169a3
* fix #939 add intro abort lang to getAssn (#1006)
by =JeffH
https://github.com/w3c/webauthn/commit/0f38025c4acdd36f1e595432ac30aa057de745fa
* fix #24: add reg & authn flow diagrams (#1007)
* fix #24: add reg & authn flow diagrams, thanks apowers313!
* renumber figure references
by =JeffH
https://github.com/w3c/webauthn/commit/81e8056e275eed52606b7eb406ee426695d75631
* update acks (#1013)
by =JeffH
https://github.com/w3c/webauthn/commit/243e72f84a35f7d2774dbfbc8da58e02e3ffa9e2
* fix #712 JSON-serialized client data is wrong
by JeffH
https://github.com/w3c/webauthn/commit/acb0f6a0739245c0c770c5bda97d9ea3bfda07d9
* Merge pull request #1017 from w3c/jeffh-fix-#712-json-serialized-client-data
fix #712 JSON-serialized client data is wrong
by Adam Langley
https://github.com/w3c/webauthn/commit/bdc64c4dc0c7891c28e00974edc4391b87e1874c
* fix #1015 FAR should be FRR (#1016)
by =JeffH
https://github.com/w3c/webauthn/commit/24aed4e42440f0954491a374d7d82ee5355c67a5
* Add bikeshed update to bikeshed Dockerfile
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1d635f62d576eae4a8dc488559d4c1116b86d79c
* Merge pull request #1026 from w3c/docker
Add bikeshed update to bikeshed Dockerfile
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0e4ed089d190ff192af469624085145b0cd6ac2a
* Clarify that SafetyNet response uses base64url (#1021)
Merging, per decision on 8-Aug-18 call
by Arnar Birgisson
https://github.com/w3c/webauthn/commit/653203d077584e5def14a367da5538c9d51fc473
* Use final name for "serialize JSON to bytes" (#1024)
This is a follow-up to #1017 to use the final name arrived at in https://github.com/whatwg/infra/pull/207 and merged into the Infra Standard.
by Domenic Denicola
https://github.com/w3c/webauthn/commit/91c30688fba36b57fea7db9cde9bf60a561c89e7
* add link to 2nd CR version
to resolve https://github.com/w3c/webauthn/issues/1028
by Samuel Weiler
https://github.com/w3c/webauthn/commit/488ff04043ceb6188f2499d659101bade56652d1
* removed duplicate
by Samuel Weiler
https://github.com/w3c/webauthn/commit/c8f516f9169aa33b1d48e57150f4e15dc6964e86
* Fix typo
This fixes #1019.
https://github.com/w3c/webauthn/issues/1019
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9a99d4b28275459b82ad37ebe66ab13f027857ed
* Merge pull request #1029 from w3c/samuelweiler-patch-2
add link to 2nd CR version
by Samuel Weiler
https://github.com/w3c/webauthn/commit/d74f56be8e38abdda425dfc586979f632d894468
* Expand and link RP to Relying Party
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8ef8a7db979557e97a6cbdf458877ede51f121b0
* Unlink RP ID in preformatted, non-linking example listings
by Emil Lundberg
https://github.com/w3c/webauthn/commit/30791a729094589f5750d54d3220a7ae4735bc31
* Fix "An Relying Party" to "A Relying Party"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8d4083db2af030c4218023b4c12e9f1abfedf12d
* Link [RPS]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f1f41ab926e399d202cc9a46a1c4dfa98c781328
* Note that the `appid` extension changes RP ID hash
This change adds a note to clarify that successful use of the `appid`
extension will cause the RP ID hash in the returned assertion to be the
hash of the AppID rather than the hash of the RP ID.
Fixes #980.
by Adam Langley
https://github.com/w3c/webauthn/commit/b6a48d75a88cec0a89c07571e643681e969a2508
* [Spelling] Added "be"
by Anders Åberg
https://github.com/w3c/webauthn/commit/66327de9bdd046857d7b2753508168c49b3593a0
* Merge pull request #1038 from abergs/patch-1
[Spelling] Added missing "be"
by Samuel Weiler
https://github.com/w3c/webauthn/commit/83dc21c8d4510d1dc9c7806c43ec5ee8a2f1466b
* fix #1012 determine Attested Credential Data length (#1023)
* fix #1012 determine attsCredData length
* fix grammar
by =JeffH
https://github.com/w3c/webauthn/commit/964aa6c1eceaf922816573a639dec63fbcad9716
* Merge pull request #1030 from w3c/issue-1019-typo
Fix some minor editorial issues
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ee3cf178256559fddb3b0d5880f6bd22d72f3d47
* Merge pull request #1033 from agl/issue980
Note that the appid extension changes RP ID hash
by Adam Langley
https://github.com/w3c/webauthn/commit/a057572c2ca6211ec5b9d62a73df0e0363a3c300
* Add note about actual implementations of appid. (#1032)
This change adds a note to the `appid` extension remarking that, in
practice, I don't think anyone actually implements the FIDO FacetID spec
fully and instead checks whether the claimed AppID is same host with the
origin.
Fixes #972.
by Adam Langley
https://github.com/w3c/webauthn/commit/bd9bc3ee399eab740563bebfe7927d7627dd5cea
* change JeffH's affilitation (#1047)
by =JeffH
https://github.com/w3c/webauthn/commit/0cbff5300493714a35cd9b905163388926301c96
* Merge branch 'master' into jeffh-spec-roadmap
by JeffH
https://github.com/w3c/webauthn/commit/8ba55144a7e14a013105338ad7b2468709cf4671
* re-write and incorp vijaybh's feedback
by JeffH
https://github.com/w3c/webauthn/commit/64d46b6f09e6496b24a25fd9d4246d1f9636975a
Received on Tuesday, 28 August 2018 17:27:59 UTC