(Informal) WebAuthN / FIDO2 interop @ Google Friday 26 January
01/03/2018 W3C Web Authentication WG Meeting Agenda
01/10/2018 W3C Web Authentication WG Meeting Agenda
01/17/2018 W3C Web Authentication WG Meeting Agenda
01/31/2018 W3C Web Authentication WG Meeting Agenda
[w3c/webauthn]
[w3c/webauthn] 0c6641: Fix two more "denies consent" => "does not consent...
- GitHub (Wednesday, 17 January)
[w3c/webauthn] 0cbccd: fix incorrect US English article, thx selfissued :...
- GitHub (Wednesday, 24 January)
[w3c/webauthn] 0ce459: fix #610 priv CA now attstn CA
- GitHub (Wednesday, 24 January)
[w3c/webauthn] 0f4cfe: fix #610 privacy CA now known as attestation CA (#...
- GitHub (Wednesday, 31 January)
[w3c/webauthn] 10c150: Define credentialIdLength representation (#756)
[w3c/webauthn] 116e1c: Built by Travis-CI: c64bdaf2f6b026369729e553b6008d...
- GitHub (Wednesday, 10 January)
[w3c/webauthn] 153ac0: fix #658
- GitHub (Wednesday, 24 January)
[w3c/webauthn] 18847d: Wait for lifetimeTimer to expire instead of issued...
- GitHub (Wednesday, 17 January)
[w3c/webauthn] 1fc890: Strongly type client extension inputs and outputs ...
- GitHub (Wednesday, 31 January)
[w3c/webauthn] 382c8c: Built by Travis-CI: 9b8da80d6cd863ece10fc860a4f010...
[w3c/webauthn] 3cfaeb: Normalize RFC2119 langugage (#470)
[w3c/webauthn] 427c7e: Un-hardcode list item numbers
[w3c/webauthn] 45b306: Fix issue #753: Verify user identity in RP authent...
[w3c/webauthn] 528916: fix |allowCredentialDescriptorList| warning from L...
- GitHub (Wednesday, 31 January)
- GitHub (Wednesday, 24 January)
- GitHub (Wednesday, 24 January)
[w3c/webauthn] 58e824: fix 543: improve COSE_Key spec language and add CO...
[w3c/webauthn] 5d7faa: fix |allowCredentialDescriptorList| warning from L...
- GitHub (Wednesday, 24 January)
[w3c/webauthn] 5ee992: Improve language of e314246
[w3c/webauthn] 62095d: Define preventSilentAccess() behavior (#758)
[w3c/webauthn] 66595f: Built by Travis-CI: ab361bd7994ddce7ac53763c2a8089...
- GitHub (Wednesday, 17 January)
[w3c/webauthn] 66b2b7: alg -37 is actually PS256; align PS256 & RS256 tex...
[w3c/webauthn] 693b1a: Built by Travis-CI: 9d5609d243966c9c99640ea97ed34b...
[w3c/webauthn] 696cc5: Corrected txAuthGeneric client extension input typ...
[w3c/webauthn] 6f88ff: Built by Travis-CI: 51ec228afc78b51abe1ee1fc6caa9f...
- GitHub (Wednesday, 17 January)
[w3c/webauthn] 719f33: Reference the FIDO 100k batch sizes.
[w3c/webauthn] 7346ca: Built by Travis-CI: 35b730be6d0e3db254db61f73c3a9d...
[w3c/webauthn] 777164: Built by Travis-CI: 0ed625785d7d8c01cc43a1d3910034...
[w3c/webauthn] 7be2d3: fix #455: we are using CTAP canonical CBOR encodin...
[w3c/webauthn] 7dfaab: Built by Travis-CI: b0cae5e2fb2b6e0d7f25a2153768e1...
[w3c/webauthn] 7eafc3: Update index.bs
- GitHub (Wednesday, 31 January)
[w3c/webauthn] 836966: Built by Travis-CI: 3cfaeba5be63850c23231fa220e8b5...
[w3c/webauthn] 88d1f3: Built by Travis-CI: ade832157979451f8e69367f0d5749...
[w3c/webauthn] 8b1b3d: add 'Dictionary' to Credential{Creation,Request}Op...
[w3c/webauthn] 8cdeac: Clarify PublicKeyCredentialEntity name description...
- GitHub (Thursday, 11 January)
- GitHub (Wednesday, 10 January)
- GitHub (Wednesday, 3 January)
[w3c/webauthn] 910c25: Address review comment by @jcjones
- GitHub (Wednesday, 17 January)
[w3c/webauthn] 949089: Move "Browser Permissions Framework and Extensions...
- GitHub (Wednesday, 31 January)
[w3c/webauthn] 958a9d: Fix #715 - add a conformance class note for FIDO U...
[w3c/webauthn] 9b8da8: Reference FIDO Privacy Principles (#759)
[w3c/webauthn] 9fc7e4: Built by Travis-CI: 958a9d1c1cb2c8a9b29c9fab6aa87d...
[w3c/webauthn] a5d9a6: Built by Travis-CI: e5c8c4fbf574a1a50192052c569d0e...
[w3c/webauthn] ade832: Changed uses of JSON string to USVString (#739)
[w3c/webauthn] b0cae5: Bikeshed spec data update
[w3c/webauthn] b380a0: use AIK certificate term
[w3c/webauthn] b38365: Built by Travis-CI: 62095dac95b2a15b389352b0a23f31...
[w3c/webauthn] b631dc: Rework the FIDO AppID extension.
[w3c/webauthn] bf5b2d: Built by Travis-CI: 58e824a5c1b0d12cee42aa4fc25df4...
[w3c/webauthn] c27a69: Built by Travis-CI: 45b306297824475941d009b0d69f1e...
[w3c/webauthn] c28b36: Built by Travis-CI: 0f4cfe4807a09dffe565f69cdcc8dc...
- GitHub (Wednesday, 31 January)
[w3c/webauthn] c64bda: fix #322: flesh out Security Considerations (for n...
- GitHub (Wednesday, 10 January)
[w3c/webauthn] ca793d: Built by Travis-CI: 10c150517f1b05b796aee64953628f...
[w3c/webauthn] d324d6: adj example whitespace, thx agl!
[w3c/webauthn] d448eb: Don't say user handle is optional in Public Key Cr...
[w3c/webauthn] d51fbe: Tighten up the specification of packed X.509 certi...
[w3c/webauthn] d77acb: Update index.bs
- GitHub (Wednesday, 10 January)
[w3c/webauthn] e192c3: Un-hardcode step numbers in RP operations
- GitHub (Wednesday, 17 January)
[w3c/webauthn] e31424: Fix issue #753: Verify user identity in RP authent...
[w3c/webauthn] e5c8c4: Security Considerations for Unsigned Credential ID...
[w3c/webauthn] f199b7: Built by Travis-CI: 528916914afa9c17dd7a9a4a8b0b8f...
- GitHub (Wednesday, 24 January)
[w3c/webauthn] f22835: Built by Travis-CI: dc3958c9c439a0875db4c37a7e434e...
[w3c/webauthn] f3e8af: Address one of @equalsJeffH's review comments
[w3c/webauthn] f4f86f: Built by Travis-CI: 696cc5f0d923bf770b514468ccb074...
[w3c/webauthn] f716b7: Copy changes from #736
[w3c/webauthn] f780ca: Add note on why authenticator attachment ise used ...
[w3c/webauthn] f9104d: Built by Travis-CI: 1fc8906a20bb0698d68de3fbe55ebd...
- GitHub (Wednesday, 31 January)
[w3c/webauthn] fb749d: Revert one "denies consent" => "does not consent" ...
[webauthn] "credential ID" not signed over by authenticatorGetAssertion operation
[webauthn] `CredentialRequestOptions` make otherwise valid values invalid in an undesirable way
[webauthn] Add consideration of browser permissions framework for extension processing
[webauthn] Add privacy consideration about terminating getAssertion early
[webauthn] Adding CDDL to txAuthSimple
[webauthn] Aligning PublicKeyCredentialUserEntity with CTAP
[webauthn] Allow hot-plugged authenticators?
[webauthn] attestation type identifiers and their use is only implicitly defined
[webauthn] Authnr selection aaguidlist
[webauthn] Biometric Criteria Extension
[webauthn] Change "denies consent" to "does not consent"
[webauthn] Changed uses of JSON string to USVString
[webauthn] clarify "authenticator model": RPs may perform feature-based authenticator selection
[webauthn] Client arguments should be specified with "partial dictionary AuthenticationExtensions"
[webauthn] Closed Pull Request: Add consideration of browser permissions framework for extension processing
[webauthn] Closed Pull Request: Fix #713: Define JSON deserialization
[webauthn] Closed Pull Request: Fix typo
[webauthn] cognitive-accessibility consideration
[webauthn] Correct uses of "JSON string" versus "DOMString" and other string terminology usage
[webauthn] Corrected txAuthGeneric client extension input type
[webauthn] CTAP/U2F doesn't status indicating the user cancelled the operation
[webauthn] define "blinding"
[webauthn] Define actions for “none” attestation.
[webauthn] Define preventSilentAccess() behavior
[webauthn] Describe how authenticators unique and find credential sources.
[webauthn] document preventions of RP-driven de-anonymization attempts in priv-cons
[webauthn] document preventions of RP-driven de-anonymization attempts in privacy-cons
[webauthn] Examples should include non-ASCII [editorial]
[webauthn] Extensions need to define how their parameters convert to/from CBOR
- Boris Zbarsky via GitHub (Tuesday, 9 January)
- Mike Jones via GitHub (Tuesday, 9 January)
- Mike Jones via GitHub (Tuesday, 9 January)
- Jeffrey Yasskin via GitHub (Tuesday, 9 January)
- Emil Lundberg via GitHub (Tuesday, 9 January)
- Boris Zbarsky via GitHub (Tuesday, 9 January)
- Emil Lundberg via GitHub (Tuesday, 9 January)
- Boris Zbarsky via GitHub (Tuesday, 9 January)
- Boris Zbarsky via GitHub (Monday, 8 January)
- J.C. Jones via GitHub (Wednesday, 3 January)
[webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty
[webauthn] fix #610 privacy CA now known as attestation CA
[webauthn] Fix #622: Clarify PublicKeyCredentialEntity name descriptions
[webauthn] fix #658: add user cancelled operation Note
[webauthn] Fix #713: Define JSON deserialization
[webauthn] Fix #715 - add a conformance class note for FIDO U2F Attesation Types
[webauthn] Fix #720: Align user handle management with CTAP
[webauthn] fix 543: improve COSE_Key spec language and add COSE_Key examples
[webauthn] Fix typo
[webauthn] JSON deserialization is not defined
[webauthn] Justify differences in TPM Attestation Verification procedures in WebAuthn versus TCG specifications
[webauthn] Merged Pull Request: Add privacy consideration about terminating getAssertion early
[webauthn] Merged Pull Request: Change "denies consent" to "does not consent"
[webauthn] Merged Pull Request: Changed uses of JSON string to USVString
[webauthn] Merged Pull Request: Corrected txAuthGeneric client extension input type
[webauthn] Merged Pull Request: Define credentialIdLength representation
[webauthn] Merged Pull Request: Define preventSilentAccess() behavior
[webauthn] Merged Pull Request: fix #322: flesh out Security Considerations (for now)
[webauthn] Merged Pull Request: fix #455: we are using CTAP canonical CBOR encoding form everywhere
[webauthn] Merged Pull Request: fix #497: add 'Dictionary' to Credential{Creation, Request}Options section titles
[webauthn] Merged Pull Request: Fix #622: Clarify PublicKeyCredentialEntity name descriptions
[webauthn] Merged Pull Request: Fix #715 - add a conformance class note for FIDO U2F Attesation Types
[webauthn] Merged Pull Request: Fix #720: Align user handle management with CTAP
[webauthn] Merged Pull Request: fix 543: improve COSE_Key spec language and add COSE_Key examples
[webauthn] Merged Pull Request: Fix issue #753: Verify user identity in RP authentication operation
[webauthn] Merged Pull Request: fix |allowCredentialDescriptorList| warning from L3605
[webauthn] Merged Pull Request: Normalize RFC2119 langugage
[webauthn] Merged Pull Request: Reference FIDO Privacy Principles
[webauthn] Merged Pull Request: Reference the FIDO 100k batch sizes.
[webauthn] Merged Pull Request: Rework the FIDO AppID extension.
[webauthn] Merged Pull Request: Security Considerations for Unsigned Credential ID
[webauthn] Merged Pull Request: Strongly type client extension inputs and outputs
[webauthn] Merged Pull Request: Tighten up the specification of packed X.509 certificates.
[webauthn] new commits pushed by agl
[webauthn] new commits pushed by AngeloKai
[webauthn] new commits pushed by emlun
- Emil Lundberg via GitHub (Wednesday, 31 January)
- Emil Lundberg via GitHub (Wednesday, 31 January)
- Emil Lundberg via GitHub (Monday, 22 January)
- Emil Lundberg via GitHub (Monday, 22 January)
- Emil Lundberg via GitHub (Wednesday, 17 January)
- Emil Lundberg via GitHub (Wednesday, 17 January)
- Emil Lundberg via GitHub (Wednesday, 17 January)
- Emil Lundberg via GitHub (Wednesday, 17 January)
- Emil Lundberg via GitHub (Friday, 12 January)
- Emil Lundberg via GitHub (Friday, 12 January)
- Emil Lundberg via GitHub (Thursday, 11 January)
- Emil Lundberg via GitHub (Wednesday, 3 January)
- Emil Lundberg via GitHub (Wednesday, 3 January)
- Emil Lundberg via GitHub (Wednesday, 3 January)
- Emil Lundberg via GitHub (Wednesday, 3 January)
- Emil Lundberg via GitHub (Wednesday, 3 January)
[webauthn] new commits pushed by equalsJeffH
- =JeffH via GitHub (Wednesday, 31 January)
- =JeffH via GitHub (Wednesday, 31 January)
- =JeffH via GitHub (Tuesday, 30 January)
- =JeffH via GitHub (Thursday, 25 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Wednesday, 24 January)
- =JeffH via GitHub (Friday, 12 January)
- =JeffH via GitHub (Thursday, 11 January)
- =JeffH via GitHub (Thursday, 11 January)
- =JeffH via GitHub (Wednesday, 10 January)
- =JeffH via GitHub (Wednesday, 10 January)
- =JeffH via GitHub (Wednesday, 10 January)
- =JeffH via GitHub (Tuesday, 2 January)
- =JeffH via GitHub (Monday, 1 January)
[webauthn] new commits pushed by jcjones
[webauthn] new commits pushed by selfissued
[webauthn] new commits pushed by WebAuthnBot
- WebAuthnBot via GitHub (Wednesday, 31 January)
- WebAuthnBot via GitHub (Tuesday, 30 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Friday, 26 January)
- WebAuthnBot via GitHub (Thursday, 25 January)
- WebAuthnBot via GitHub (Wednesday, 24 January)
- WebAuthnBot via GitHub (Thursday, 18 January)
- WebAuthnBot via GitHub (Wednesday, 17 January)
- WebAuthnBot via GitHub (Wednesday, 17 January)
- WebAuthnBot via GitHub (Friday, 12 January)
- WebAuthnBot via GitHub (Friday, 12 January)
- WebAuthnBot via GitHub (Thursday, 11 January)
- WebAuthnBot via GitHub (Wednesday, 10 January)
- WebAuthnBot via GitHub (Tuesday, 9 January)
- WebAuthnBot via GitHub (Friday, 5 January)
- WebAuthnBot via GitHub (Wednesday, 3 January)
[webauthn] Packed Attestation & Certificates
[webauthn] Per TCG: "privacy CA" is now "Attestation CA"
[webauthn] PING suggest referencing the FIDO 100k batch requirements
[webauthn] PR #763 untangled: Add consideration of browser permissions framework for extension processing
[webauthn] Privacy across Account IDs
[webauthn] Privacy CA not defined or linked
[webauthn] Privacy concerns with blacklist/whitelist
[webauthn] Processing extensions as JSON
[webauthn] providing info about authenticator availability / attachments
[webauthn] Pull Request: add 'Dictionary' to Credential{Creation, Request}Options section titles
[webauthn] Pull Request: Add consideration of browser permissions framework for extension processing
[webauthn] Pull Request: Change "denies consent" to "does not consent"
[webauthn] Pull Request: Changed uses of JSON string to USVString
[webauthn] Pull Request: Define actions for “none” attestation.
[webauthn] Pull Request: Define credentialIdLength representation
[webauthn] Pull Request: Define preventSilentAccess() behavior
[webauthn] Pull Request: Editorial changes from PR #718
[webauthn] Pull Request: fix #610 privacy CA now known as attestation CA
[webauthn] Pull Request: fix #658: add user cancelled operation Note
[webauthn] Pull Request: Fix #715 - add a conformance class note for FIDO U2F Attesation Types
[webauthn] Pull Request: Fix outdated step references in RP registration algorithm
[webauthn] Pull Request: Fix typo
[webauthn] Pull Request: fix |allowCredentialDescriptorList| warning from L3605
[webauthn] Pull Request: PR #763 untangled: Add consideration of browser permissions framework for extension processing
[webauthn] Pull Request: Reference FIDO Privacy Principles
[webauthn] Pull Request: Reference the FIDO 100k batch sizes.
[webauthn] Pull Request: Security Considerations for Unsigned Credential ID
[webauthn] Pull Request: Strongly type client extension inputs and outputs
[webauthn] Pull Request: Tighten up the specification of packed X.509 certificates.
[webauthn] Pull Request: Un-hardcode list item numbers
[webauthn] Pull Request: Update CDDL to reflect packed, self-attestation.
[webauthn] reference fido priv principals
[webauthn] Reference the FIDO 100k batch sizes.
[webauthn] remove "required" from PublicKeyCredentialDescriptor.id
[webauthn] RP assertion algorithm does not say to validate the credential ID
[webauthn] Security Considerations for Unsigned Credential ID
[webauthn] Security considerations section has some areas deserving of more consideration.
[webauthn] Strongly type client extension inputs and outputs
[webauthn] Tighten up the specification of packed X.509 certificates.
[webauthn] txAuthSimple does not conform to extension requirements
[webauthn] U2F Attestation Statement Format does not define "self attestation" steps
[webauthn] UAs can't pass unknown extensions to authenticators
[webauthn] update #credentialcreationoptions-extension & #credentialrequestoptions-extension section titles
[webauthn] update extensions framework to include interfacing with user agent permissions framework
[webauthn] User consent for location extension
Closed: [webauthn] "credential ID" not signed over by authenticatorGetAssertion operation
Closed: [webauthn] Aligning PublicKeyCredentialUserEntity with CTAP
Closed: [webauthn] Client arguments should be specified with "partial dictionary AuthenticationExtensions"
Closed: [webauthn] Consider requiring canonical CBOR throughout
Closed: [webauthn] Contradiction in whether user handle is required
Closed: [webauthn] Correct uses of "JSON string" versus "DOMString" and other string terminology usage
Closed: [webauthn] Extensions need to define how their parameters convert to/from CBOR
Closed: [webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty
Closed: [webauthn] JSON deserialization is not defined
Closed: [webauthn] musings wrt webauthn's profile of COSE_Key
Closed: [webauthn] No description regarding representation of credential Id length
Closed: [webauthn] overall security considerations section or document
Closed: [webauthn] Packed Attestation & Certificates
Closed: [webauthn] PING suggest referencing the FIDO 100k batch requirements
Closed: [webauthn] preventSilentAccess() -- what effect does calling it have?
Closed: [webauthn] Privacy CA not defined or linked
Closed: [webauthn] Privacy concerns with blacklist/whitelist
Closed: [webauthn] PublicKeyCredentialUserEntity difference between name, displayName and id not clear
Closed: [webauthn] reference fido privacy principles
Closed: [webauthn] RP assertion algorithm does not say to validate the credential ID
Closed: [webauthn] Security considerations section has some areas deserving of more consideration.
Closed: [webauthn] txAuthSimple does not conform to extension requirements
Closed: [webauthn] UAs can't pass unknown extensions to authenticators
Closed: [webauthn] update #credentialcreationoptions-extension & #credentialrequestoptions-extension section titles
Closed: [webauthn] User consent for location extension
Closed: [webauthn] various issues with AppId extension
Fwd: Special PING call *tomorrow* on WebAuth, 11 January 2018, 9am PT, 12pm ET, UTC 17
Strongly typing client extension inputs and outputs
WebAuthN API for Chrome
Last message date: Wednesday, 31 January 2018 22:36:05 UTC