[w3c/webauthn] 4f1a3b: Describe how authenticators unique and find creden... from GitHub on 2018-02-06 (public-webauthn@w3.org from February 2018)

From: GitHub <noreply@github.com>
Date: Mon, 05 Feb 2018 16:34:14 -0800
To: public-webauthn@w3.org
Message-ID: <5a78f806f313c_74c52ab9d8679c08523bc@hookshot-fe-d2afb11.cp1-iad.github.net.mail>

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: 4f1a3ba8339824dc0491274393bebe3c142676f6
      https://github.com/w3c/webauthn/commit/4f1a3ba8339824dc0491274393bebe3c142676f6
  Author: Jeffrey Yasskin <jyasskin@gmail.com>
  Date:   2018-02-05 (Mon, 05 Feb 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Describe how authenticators unique and find credential sources. (#623)

* Define Public Key Credential Source and Credential ID.

This also redefines "Public Key Credential" to be the thing presented to the RP,
as a willful violation of RFC4949.

Credential ID is defined to explicitly include the possibility that it's the
encrypted Credential Source.

* Link "credential ID".

* Allow hashes as credential IDs.

* Describe how authenticators unique and find credential sources.

This happens to fix a maybe-bug where the authenticator didn't check that a
decrypted credential ID came from the right RP.

It's also much more precise about the distinction between a credential
descriptor and a credential or credential source.

* finish merge-from-master and fixup dangling internal crossrefs

* restore masthead

* restore clientDataHash rather than tbsHash in U2F attstn format

* fixing rendering issue

* fixup merge-from-master loose ends by hand

* fix var ignore issue

* address emlun's comments, thx!

* catch straggler from emlun's comments, mea culpa

* ignore a var make bikeshed happier

* move op-lookup-credsource-by-credid alg to new subsection

* dont need ignore no more

Received on Tuesday, 6 February 2018 00:35:14 UTC