- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Jul 2018 19:11:10 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn: * Add link to "attachment modality" reference by Emil Lundberg https://github.com/w3c/webauthn/commit/1e3241503b08069d7eaa58733c86f6968be68f63 * Define Authentication Ceremony as alias of Authentication by Emil Lundberg https://github.com/w3c/webauthn/commit/2c01f6f98eeedf4297d9fd1cdad2dadc0ad5b735 * Define Registration Ceremony as alias of Registration by Emil Lundberg https://github.com/w3c/webauthn/commit/77f814b0f45c246447863db3efd21423fb05c155 * Add authenticator taxonomy diagram by Emil Lundberg https://github.com/w3c/webauthn/commit/f6b5bcc8cf51c6dd18e15173671a5ddc4919d74c * WIP: Extract Authenticator Taxonomy section and define 1st/2nd factor authnr/cred by Emil Lundberg https://github.com/w3c/webauthn/commit/2ea108580a3b5d8adbecf02b831bff0c38c3f0ac * Define Authentication Factor by Emil Lundberg https://github.com/w3c/webauthn/commit/b9917b28bad6a9743cc3f15d749bbe66efb60cb4 * WIP: Replace definitions with use case descriptions by Emil Lundberg https://github.com/w3c/webauthn/commit/2f980e7da765fac1071b388af06b0fd5fa81501a * Link authentication factor terms to NIST SP 800-63r3 by Emil Lundberg https://github.com/w3c/webauthn/commit/ecc950c16c3f7316e7c26c5fba4c54193c379e01 * Add note about platform authnrs as roaming authnrs by Emil Lundberg https://github.com/w3c/webauthn/commit/fabf85e049906dc9b6e4fe1301be61ed57986627 * Remove some authenticator property labels from authnr taxonomy diagram by Emil Lundberg https://github.com/w3c/webauthn/commit/68825d1bf896ad4024ab19770da736dee232039e * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/de7c61c75a6e4a13279ac8e77a0adb7e08643297 * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/75f348ee38dc8f4311d8e0aab191934a43d69a7e * Document prevention of attacks on privacy by Emil Lundberg https://github.com/w3c/webauthn/commit/10e12d0bfffa8d5cf6980425e90766d66050ff0d * Reference §14.4 in §14.2 by Emil Lundberg https://github.com/w3c/webauthn/commit/6a83ec06d619aedee05d1f9892f453689b6fcb1b * Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable. As discussed on the issue, implementations appear to be converging on implementing this call without prompting the user and returning immediately. The wording in this section is loose enough that implementations that wish to continue using a timeout can find enough slack to do so, but this change removes the firm suggestion to do so. Also, align the spacing of “Promise<T>” to match the style used elsewhere in the W3C specs. Fixes #575 by Adam Langley https://github.com/w3c/webauthn/commit/f55c4c3a38ef18349b1feb91f8763875c39758d5 * Eliminate the “not-supported” option for tokenBinding.status The tokenBinding member is optional so this created two different ways to encode that tokenBinding wasn't supported: omitting tokenBinding completely and including it with status = “not-supported”. This change eliminates the second option. This matches Firefox's current behaviour and Chrome will align. Fixes #907. by Adam Langley https://github.com/w3c/webauthn/commit/df81b61d660079345c1e40afc2762ea812db96f0 * Specify the meaning of omitting tokenBinding. by Adam Langley https://github.com/w3c/webauthn/commit/31aed6629c957829466415ad62d93e2210524e3f * Address @selfissued's review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/0b3e939f9142a1b7c8d1edb9d9c0e354cfbc9866 * Remove confirmation prompt from isUserVerifyingPlatformAuthenticatorAvailable() See: - https://github.com/w3c/webauthn/issues/575#issuecomment-386059592 - https://github.com/w3c/webauthn/issues/575#issuecomment-386650507 - https://github.com/w3c/webauthn/issues/575#issuecomment-393134099 by Emil Lundberg https://github.com/w3c/webauthn/commit/ad22fce9fbe6685490dd767bb52445e600c9af88 * Merge branch 'master' into issue907 by Adam Langley https://github.com/w3c/webauthn/commit/0db8a61125c6dbb88474207123e34e1742f666cc * Merge pull request #1 from w3c/issue575-remove-consent-prompt Remove confirmation prompt from isUVPAA by Adam Langley https://github.com/w3c/webauthn/commit/82b6b3732eee66d37672454ea59fb93eb608bc6b * Merge branch 'master' into issue575 by Adam Langley https://github.com/w3c/webauthn/commit/06db112d81e09878257e54e7febaabe16f4a89e6 * Change “optional” to “OPTIONAL”. by Adam Langley https://github.com/w3c/webauthn/commit/802ddec2c7b0bdcbe01bdd2b89715bd4043f5cd9 * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/ef272adc664bda8f00d370969d1d9e860cade171 * Address some review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/f97fb77e80ee38f1ab8bb71463c7342e357435c4 * Change "human being" to "natural person" and link to Wikipedia by Emil Lundberg https://github.com/w3c/webauthn/commit/a510bbfaabec0b6c6e433cae6bae515fbe829137 * Address the rest of @equalsJeffH's review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/b78943880492bb4d57e774af02906d16fad06305 * Add @equalsJeffH's rewording by Emil Lundberg https://github.com/w3c/webauthn/commit/b136ba2d483c6e5a7905b1ca8a3d9714a9dd5cef * Merge branch 'master' into authenticator-taxonomy by JeffH https://github.com/w3c/webauthn/commit/4fcb56650e0556375d218fb05a0a54416954872f * Clarify difference between |x5c| and |aikCert| in TPM attstmt verification by Emil Lundberg https://github.com/w3c/webauthn/commit/fd73fa51b2f996ac58ab0ffddcb670ef3025088a * Clarify difference between |x5c| and |attestnCert| in Packed attstmt verification by Emil Lundberg https://github.com/w3c/webauthn/commit/b7f7fb47ff082baf5977cbc60af2d1748b86860a * Merge remote-tracking branch 'origin/master' into issue907 by Adam Langley https://github.com/w3c/webauthn/commit/7ef6a96e22c8e1b4a3773e0ac87e1a6174109257 * Merge remote-tracking branch 'origin/master' into issue575 by Adam Langley https://github.com/w3c/webauthn/commit/1678bbc8e6a6c63f06af909aad451fec8897d52b * Merge pull request #914 from agl/issue907 Eliminate the “not-supported” option for tokenBinding.status by Adam Langley https://github.com/w3c/webauthn/commit/a68f1a9256a7d73a71e68cec7d45f280dc46f033 * Merge pull request #904 from agl/issue575 Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable by Adam Langley https://github.com/w3c/webauthn/commit/2d669ded704e8adffd6e1fe981bd46bbb40650ab * Use [WAC] text macro in Client definition by Emil Lundberg https://github.com/w3c/webauthn/commit/f2b40dbf7c77a745e7a5124f8e11eb912b16837d * Introduce WebAuthn Client Device term by Emil Lundberg https://github.com/w3c/webauthn/commit/2ef1db886a87173d8d6a44d5cfe46b0d665eea11 * Link Rate limiting by Emil Lundberg https://github.com/w3c/webauthn/commit/fc385a05d4b7294bd1468627bfe342d63f0ab352 * Mention rate limiting in UV definition by Emil Lundberg https://github.com/w3c/webauthn/commit/a6ab65d01d9fb6305229e1821c338bd573c3f6d4 * Address review comment See https://github.com/w3c/webauthn/pull/842#discussion_r195565487 by Emil Lundberg https://github.com/w3c/webauthn/commit/946007b7675f90bf0ffa9be048f6dfc9d02a76a5 * Resolve inline issue 2 by Emil Lundberg https://github.com/w3c/webauthn/commit/5c04f8b795c6f669ffd839ebf83752ce43314e17 * Address review comment See https://github.com/w3c/webauthn/pull/842#discussion_r195582774 by Emil Lundberg https://github.com/w3c/webauthn/commit/5945017a25332720f232eb2cfc83f104df1768a9 * Tone back trust assumption in authn ceremony structures section by Emil Lundberg https://github.com/w3c/webauthn/commit/b5810be37daaea39e7951cc0db9d6e0089fa1344 * Merge pull request #958 from emlun/pr-842-addon-attachment-modality-wordsmithing Address review comment by Emil Lundberg https://github.com/w3c/webauthn/commit/1efa1aca80ae37db3901435a19e413a574bebc91 * Merge pull request #957 from w3c/pr-842-addon-client-device Introduce WebAuthn Client Device term by Emil Lundberg https://github.com/w3c/webauthn/commit/c45853c221a8273ead7510c3c74302a9635ee224 * Merge pull request #959 from emlun/pr-842-addon-mention-rate-limiting Mention rate limiting in UV definition by Emil Lundberg https://github.com/w3c/webauthn/commit/c54ce0aa32eb7ddef65e0f841368a289a7fb136f * Delete hardline statement about trust requirement for UV See discussion in https://github.com/w3c/webauthn/pull/899#discussion_r195171633 by Emil Lundberg https://github.com/w3c/webauthn/commit/1e0471f6ca63ec4d20b2bbca107b0bc08ec91a4b * Revert "Change "human being" to "natural person" and link to Wikipedia" This reverts commit a510bbfaabec0b6c6e433cae6bae515fbe829137. by Emil Lundberg https://github.com/w3c/webauthn/commit/48d6579f37e1ad5eb9ada299255c62a1151ce680 * Specify extension types in listing instead of prose (#941) * Specify extension type in listing instead of prose * Change listing heading from "Extension type" to "Operation applicability" * Always capitalize Authentication in this context by Emil Lundberg https://github.com/w3c/webauthn/commit/10b27b671d42b437f0ce1bc3050f43f85a28d1db * Merge pull request #899 from w3c/issue-743-de-anon-priv-cons Document prevention of attacks on privacy by Emil Lundberg https://github.com/w3c/webauthn/commit/2b5246585fe1703cf13775275dba575126edb99a * Merge pull request #952 from w3c/issue-950-tpm-verification-clarity Improve clarity of |x5c| in packed and tpm attstmt verification procedures by Emil Lundberg https://github.com/w3c/webauthn/commit/b4e3fcc9b35584bc45fd83460c593620d25ae380 * Incorporate @equalsJeffH's suggested wording by Emil Lundberg https://github.com/w3c/webauthn/commit/40896e5920bf7d8ffcc7ce53475819795c0a009a * Use [=client device=] term in Attachment Modality section by Emil Lundberg https://github.com/w3c/webauthn/commit/3f3ace91c92e230ceab545bd7f3bdade264fb485 * Re-introduce missing definitions of [cross-]platform attachment by Emil Lundberg https://github.com/w3c/webauthn/commit/d26ecf4ac70da2ef8266b3279e66e3db6baff04d * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/3766649f894ef76d3a17ddc0def7220a7d2fb010 * Fix reference to undefined [=transport=] by Emil Lundberg https://github.com/w3c/webauthn/commit/f937d21beedfafc2f69318d60a79b22e574bd31c * revise RP ID definition and Note (#970) by =JeffH https://github.com/w3c/webauthn/commit/e243c2c7e4958d1e9cf65bf7c9c7e1a9adcc30dc * Merging, per 27-Jun-18 working group call decision by Mike Jones https://github.com/w3c/webauthn/commit/a188cb7e1b13990b060994e6c63b5f86979b962c * ignored extn does not return a value (#967) * ignored extn does not return a value * move ignored extensions admonition, thx emlun! by =JeffH https://github.com/w3c/webauthn/commit/a583650f1e98abe83446fcf59d8ae8961be6784e * Merge pull request #960 from emlun/pr-956-addon-uv-trust Tone back trust assumption in authn ceremony structures section by Emil Lundberg https://github.com/w3c/webauthn/commit/93913dc39c35f2286cd9cf47f50a067e7ce9a8ef * Remove draft of use case descriptions by Emil Lundberg https://github.com/w3c/webauthn/commit/265fd3d1bc3dbf192cfc3fd7269e9f85606a1de2 * Add Issue: pointing out that Authenticator Taxonomy section is not complete by Emil Lundberg https://github.com/w3c/webauthn/commit/0366f515be6c3d79c88cc6e95ee43cdb608e5e65 * Revert "Add Issue: pointing out that Authenticator Taxonomy section is not complete" This reverts commit 0366f515be6c3d79c88cc6e95ee43cdb608e5e65. by Emil Lundberg https://github.com/w3c/webauthn/commit/699c58e95414e80abccf43395e191db79fc2ba53 * Revert "Remove draft of use case descriptions" This reverts commit 265fd3d1bc3dbf192cfc3fd7269e9f85606a1de2. by Emil Lundberg https://github.com/w3c/webauthn/commit/fe79b320c879ef7acd51e03b726172875e8adcf1 * Remove now unused image file by Emil Lundberg https://github.com/w3c/webauthn/commit/46d1fd96ade2e7af5c0f2033a1187f35a7d6e176 * Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases by Emil Lundberg https://github.com/w3c/webauthn/commit/19964e8dc2fb14594ff5703845c9125075abdc49 * Revert "Remove now unused image file" This reverts commit 46d1fd96ade2e7af5c0f2033a1187f35a7d6e176. by Emil Lundberg https://github.com/w3c/webauthn/commit/b5335e92b8d0988cadc187373ab2b297a46f7380 * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/bb8b4ec26494c0eaac072b7210400546825957e1 * Un-rewrap lines This should make @selfissued happy. :) by Emil Lundberg https://github.com/w3c/webauthn/commit/57c2b8f03f44c8febd8d50bd49a80bb935306058 * Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases by Emil Lundberg https://github.com/w3c/webauthn/commit/21017aea87c177438a3bad20d984b5175e7e695e * Rewrite Authenticator taxonomy section introduction by Emil Lundberg https://github.com/w3c/webauthn/commit/2abe4c3fafa0a9e1eff698748ca702cc978d52b7 * Add user verifying authenticator types by Emil Lundberg https://github.com/w3c/webauthn/commit/e8329f4adb9e70e6c9dcd54609dc77d58f4eefc0 * Add Storage modality section by Emil Lundberg https://github.com/w3c/webauthn/commit/95d9a069bb70e3f4e1d4d8a76b64aba37805145a * Use storage modality term in Authenticator taxonomy section introduction by Emil Lundberg https://github.com/w3c/webauthn/commit/fc963ce26eaf572aba9476bc97bd512b69d1d25c * Reference storage modality term in Client-side-resident Credential Private Key definition by Emil Lundberg https://github.com/w3c/webauthn/commit/6a559d8d0ec1a5b994fbdcf1350dd4dea73930be * Add Authentication factor capability section by Emil Lundberg https://github.com/w3c/webauthn/commit/10c22a49d876e30bae9b18b91dd911c7c5ab5800 * Add adjective form of local storage modality by Emil Lundberg https://github.com/w3c/webauthn/commit/d7ee1e590bc19d7818bf4d71d8ad03cd2db0f61b * Delete Authentication ceremony structures section I plan to rewrite this later. by Emil Lundberg https://github.com/w3c/webauthn/commit/c6a92a7dde05f3981926db33389a00ba9ff6ecb0 * Address @selfissued's review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/8babb62c94a577ae61b85693623a392ca0ff89c7 * Remove old references to deleted use case descriptions by Emil Lundberg https://github.com/w3c/webauthn/commit/62d97b106ffe3bc1fe6bd8a4ad34625e5c6f32e8 * fix #180: do not totally lose the term "WebAuthn Relying Party" (#974) * add dfn of webauthn RP * use webauthn rp term at section beginnings * fine tuning * corrections * more corrections by =JeffH https://github.com/w3c/webauthn/commit/4a2dd437f11fd5802560c64e3615bc6635e0f8ae * add domain-only rationale in two places (#975) by =JeffH https://github.com/w3c/webauthn/commit/6a6bf465c54a8ad4737c8064587b668a38a679cc * fix #866: clarify sentence wrt challenges (#977) * fix 866 * add link to CollectedClientData/challenge, thx emlun! by =JeffH https://github.com/w3c/webauthn/commit/a96110e1d087a09dada43ceb7fe5a6dc75e004d3 * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/bb2f65a33da5a8c449b833431fa8edfe16d1b879 * Merge branch 'authenticator-taxonomy' into authenticator-taxonomy-use-cases by Emil Lundberg https://github.com/w3c/webauthn/commit/7fd2e85ac0f23dc6b08d7e5d1e79f4be78dc3fb5 * Add link to [=public key credential=] by Emil Lundberg https://github.com/w3c/webauthn/commit/c95c91d66605dbd3add21f6d328d071f83cac8d2 * merge from master by JeffH https://github.com/w3c/webauthn/commit/18e52313c06d05919b042b414acf161bc48132d9 * Fully qualify modality terms by Emil Lundberg https://github.com/w3c/webauthn/commit/96ba753fff88e759cccef20cc8547e9356fb2670 * Remove blank line by Emil Lundberg https://github.com/w3c/webauthn/commit/6aebb64750e7a82abef9a2a706e30c6edb46c60d * Fix up definition of local credential storage modality by Emil Lundberg https://github.com/w3c/webauthn/commit/092c4b25202d9051cf57521cfd85ecf4747a5053 * Use [=local storage capable=] instead of with...modality by Emil Lundberg https://github.com/w3c/webauthn/commit/f2ac68bcac99e89729a0967c730d1347cf8bfb7d * Combine two paragraphs about authentication factor classes by Emil Lundberg https://github.com/w3c/webauthn/commit/dfa78e50f2036e0f1e80bd99187e421f8fbec00b * Use [=client-side-resident credential private keys=] in definition of local storage modality by Emil Lundberg https://github.com/w3c/webauthn/commit/dbd2c84304a5564c523ae67bee9cf30cdde95e8f * Add (i.e., wrapping/unwrap) by Emil Lundberg https://github.com/w3c/webauthn/commit/f26c2712f3d881c8e327c6bb9818ee025645ab6d * Address review comments See https://github.com/w3c/webauthn/pull/956#pullrequestreview-136032383 by Emil Lundberg https://github.com/w3c/webauthn/commit/d95918495ceffe6044c70adf8b672f81d24bdf4a * Disambiguate appid extension output behaviour As discussed in issue #982: https://github.com/w3c/webauthn/issues/982 by Emil Lundberg https://github.com/w3c/webauthn/commit/905de00925b03fea9f9065f2cc47aa2a7098c5f3 * Merge pull request #956 from w3c/authenticator-taxonomy Authenticator taxonomy: Attachment modality (replaces #842) by Emil Lundberg https://github.com/w3c/webauthn/commit/2154486d6af399c3bcbd62a30962138ba94e9bf6 * fix #493: be explicit about "same user" is verified at get() time as was verified at create() time (#976) * add anchor to authnrMakeCred user consent step * add user-must-be-same adminition to authnrGetAssn * update comment wrt tagged step * make it a Note * spelling by =JeffH https://github.com/w3c/webauthn/commit/fe09a70a41372690257fa3730a6dc858ed4f1015 * fix 864: Note regarding CTAP2 integer keys vs webauthn string keys (#986) * fix 864: added Note * polish * 'client' rather than 'client platform' by =JeffH https://github.com/w3c/webauthn/commit/7709911ace404df7f6d01151cdef1013f7095e11 * Add recommendation of scoping platform credentials to OS accounts (#989) * Add recommendation of scoping platform credentials to OS accounts Note: [=client device=] is currently undefined; it will be added by commit 2ef1db88 in PR #956. https://github.com/w3c/webauthn/pull/956 * Expand OS acronym in section title by Emil Lundberg https://github.com/w3c/webauthn/commit/321e805b763bc86ff996403da6bfd13fade00125 * fix 364 timeout reasonable range (#971) by =JeffH https://github.com/w3c/webauthn/commit/9033fc6fccd602c3705a43927e11b53e55b45def * Merge pull request #995 from w3c/issue-982-disambiguate-appid-output Disambiguate appid extension output behaviour by Emil Lundberg https://github.com/w3c/webauthn/commit/005ec66866c2f3329f6c780a9351df275a2b9d8a * Merge pull request #979 from w3c/authenticator-taxonomy-use-cases Authenticator taxonomy: Authenticator types by Emil Lundberg https://github.com/w3c/webauthn/commit/ca80875c6dc6b6f0eb3f4a02f39774df652ddb09 * Merge branch 'master' into jeffh-fix-593-domstring-contents by JeffH https://github.com/w3c/webauthn/commit/1d57dc6c02d4aa0f6e67af2df9da1e48da635be9
Received on Wednesday, 11 July 2018 19:11:15 UTC