[webauthn] new commits pushed by equalsJeffH

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Jun 2018 21:53:10 +0000
To: public-webauthn@w3.org
Message-ID: <push-2b6a12dbc0ee482e05ebc72ac86982563a2b2e10-1528840388-sysbot+gh@w3.org>

The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn:

* Add list of benefits RP gains from the spec
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/828b5bebeccad517f2a7d79e55a65b67db21563c

* Add RP conformance section on ignoring attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/cb06c8af085f57585e84d4084d6d81fd61cbca9c

* Move discussion of RP benefits to security considerations
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e3ec29d34e09fb770724950a2115e51c8b15bfc4

* Clarify the U2F Attestation format to have a single certificate

The [U2F Raw Message Format](https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#h3_registration-response-message-success) only allows for a single attestation certificate in U2F responses.

This PR reflects this in the U2F Attestation Format to reduce the chance of misunderstanding when implementing the server verification.
  by Arnar Birgisson
https://github.com/w3c/webauthn/commit/4e19fe4099a5f7c0248c25fdf4b9e3ce7ba4a86d

* Refer "man-in-the-middle attack" to RFC 4949
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ce8eadb662889222135f08d14a6f4498947dd887

* Note that self- and no-attestation is a "leap of faith" as defined by RFC 4949
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/da06b8f8718e653e720eef9c1a6fef9fa51bd6d0

* Add mention of authenticator policy enforcement to RP benefits section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9ea86baaf8037a9eeb0571f3a177823a586ac7df

* Address most of @equalsJeffH's review comments
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b698256904e058643a132a0cac25c2977953f7b

* Add note about None being the default attestation type
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/dac35abe7d6bf49250fd4ab6b1544851a515bcd7

* Fixed example with incorrect allowCredential. Improved existing examples
  by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/9bd9dd890984481a8c09a0d46d0a06875ea36c29

* Merge branch 'master' into issue-576-rp-no-attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2fa1436aacd413290d0dec878eface01555f49f4

* Reference [[FIDO-Registry]] for raw EC public key format

See https://github.com/w3c/webauthn/issues/891
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8e004d001c950f5a155f5e4294d690cabe7186fa

* Use |authData| in both RP operations (#892)

* Replace |aData| and |adata| with |authData|

* Fix #875: cleanup: interstitial blank line
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/96bc24a1ffcd71508e08f20e56c45a9a6994e637

* "with string-valued keys" => "whose keys are strings" (#880)

The wording "whose keys are strings" works.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4f584b82eb9f513efabc1fd317c651df8128d3f2

* Merge pull request #836 from arnar/patch-1

Clarify the U2F Attestation format to have a single certificate
  by Adam Langley
https://github.com/w3c/webauthn/commit/92142acd0359d1d82fc7420b2704d011d560e1cc

* Fixed incorrect field size that makes all letters overlap each other (#887)

Merging, per 2-May-18 call decision.
  by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/b470728005ff9dc142722a39fc7d327813c1f2b4

* Merge pull request #893 from w3c/issue-891-ref-fido-registry

Reference [[FIDO-Registry]] for raw EC public key format
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b8e3f6429690a575a446a7242a567e22f42c4c2d

* draft-jones-webauthn-cose-algorithms-01 (#895)

Tracks initial IANA COSE Algorithm registrations that have been made
  by Mike Jones
https://github.com/w3c/webauthn/commit/7451b28a2464c6b4a6c4d2b01163b81227f2f578

* Replace [[FIDOReg]] with [[FIDO-Registry]]
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/80e6df67a0fe4624a83d3b68e1aeb8f8312b7e45

* Add section headings to [[FIDO-Registry]] references
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/164bce178a1bbae02cd121917efaaa833dd48ebe

* Track initial COSE algorithm registrations made for WebAuthn (#896)
  by Mike Jones
https://github.com/w3c/webauthn/commit/b3aa419a452cf73110885874e7c7550aaa128799

* Relax "highly resistant" to just "resistant"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/333f22d85cf3448e2b54170fb404bc416daf85d7

* Merge branch 'master' into issue-576-rp-no-attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f80ea1a311a9ad55a08f12b6e22e64d741abe237

* Merge pull request #829 from emlun/issue-576-rp-no-attestation

Add RP conformance section on ignoring attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/18501cdb9433bd11f484064e96ce9a462c44bc50

* Merge pull request #897 from w3c/issue-894-new-fido-registry

Replace [[FIDOReg]] with [[FIDO-Registry]]
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1c3dd46e4952b15892a6ebfc4387c8e8369c35f0

* Fix issue with |savedCredentialId| scope

This fixes one of the inline issues in the spec.

Since the value of the |savedCredentialId| variable depends on the
credentials contained in each |authenticator|, a single global
|savedCredentialId| variable is not sufficient. Therefore a map of
|authenticator|s to |savedCredentialId|s is used instead.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/33cdaf1da2f0384266cc852f8fe8c3db49be7722

* Reformulate "lifetime of |lifetimeTimer|" as "until |lifetimeTimer| expires"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e124cd769b561a8938fbed8e9964b3d0e20a2d7e

* Merge "for each authenticator" algorithm step into "while timer not expired" step

This merges the previous step 19 of makeCredential in as a switch case
of step 20, and the previous step 18 of getAssertion in as a switch case
of step 19. This way there is only one step in each algorithm that tries
to express things to do asynchronously for the duration of the timer.

The inline `Issue:`s mentioning underspecified behaviour are replaced
with descriptions of an abstract "set of presently available
authenticators" and `Note:`s indicating that this is intentionally
underspecified and meant to represent different connection and discovery
mechanisms all in one.

This also swaps the order of the previous steps 17 ("Start
|lifetimeTimer|.") and 18 ("Let |issuedRequests| be a new ordered set")
of makeCredential, for consistency with getAssertion and so that the
step "Start |lifetimeTimer|." immediately precedes the step "While
|lifetimeTimer| has not expired [...]".
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/56fd4467d5ff256fb391423bb35740dbce041853

* Fix issue #405

See https://github.com/w3c/webauthn/issues/405
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/26275b79c01f314515dcd63adef4e39ae56b39e8

* Fix dfn block formatting for AuthenticatorTransport as well
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/69cdf7b4e56ed5cd0f48400439840fcf7ac797ca

* Fix dfn block formatting for UserVerificationRequirement as well
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c10427c837b62b3e5765d5cdbc53038326c67d

* Fix dfn block formatting for AuthenticatorAttachment as well
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b49fd2717a9e22abdff25bc646047b2cda2043e2

* Fix dfn block formatting for TokenBinding and TokenBindingStatus
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/321a9db0b4cc433e8ea882d568844b3f81158b44

* Properly reference {{TokenBinding/id}} from {{TokenBinding/status}}
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4d6991ba326af7ab706be7a7d5fd63215ea1a95e

* Add an “internal” AuthenticatorTransport.

The motivating example is a built-in fingerprint reader. It might be
connected via an I²C bus or the like, but the current
AuthenticatorTransport enumeration cannot express anything like that.

This change adds a catch-all for these internal transports because, from
the point of view of the client, they're all the same: there's nothing
for the user to do if they're not there so no point prompting them.

It also clarifies that the “usb” type means a removable USB device. Some
built-in hardware (esp in laptops) is connected via an internal USB bus,
but a user would not know that and would not want to be prompted like it
was a removable device in that case.
  by Adam Langley
https://github.com/w3c/webauthn/commit/6e4480e49b3de9ebb435bdcc30b8b22a4083f784

* Add @agl's commas
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc6dcf0ae53dc6dcfec16cda20ce6e3549540eff

* Emphasize that already-available authenticators also "become available"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e5696ed6bee6f13d9eb1b2062ab1cce6d2298df7

* Remove (probably) outdated inline issue 2:

ISSUE 2 @balfanz wishes to add to the "direct" case: If the
authenticator violates the privacy requirements of the attestation type
it is using, the client SHOULD terminate this algorithm with an
"AttestationNotPrivateError".
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2582344c70504541b0248aa91d078c18a1118709

* Unnecessary to specify extension validity
  by Kim Paulhamus
https://github.com/w3c/webauthn/commit/045e92e40b00dd917ea970b59f3466e4cbf30ede

* Fix urlPrefix of FIDO-APPID anchors to agree with FIDO-APPID in biblio
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/73ec34024dfe5e50580ce1e9338184802676e67f

* Update FIDO references to newer versions of the documents
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/836b12623cf30066b98455059a63c10bf9a1dd6e

* Merge pull request #903 from agl/internal-transport

Add an “internal” AuthenticatorTransport.
  by Adam Langley
https://github.com/w3c/webauthn/commit/3c5e383f0f5642e9d5815d97480e7d1b198356fe

* Emphasize credentialId randomness in example
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b79038beadb2bff11afd3194c133182633acc39b

* Merge branch 'master' into patch-2
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/557ac578faf052d48893d7c23650a06d42fa0fcf

* Update more FIDO references
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a43d1792ffaa7b7b6c9c92e1d4479c35d24afe1a

* Merge branch 'master' into issue-405-dfn-blocks
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4fc53d8f765b745b74e8c978b174d7e9b4285048

* Fix run-on sentences in example comments
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a86910e927ba25510e3ce702374285516639ef01

* Use consistent formatting for "true" in prose
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/59acf19709bb64ab89b59fa37d91f8eda3bdc80d

* Use consistent formatting for "false" in prose
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a067ae4239c43b1467daad5288494accf13456ab

* Fix uses of "Boolean" in prose text
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d368b688e3c62d9ea811f0d871bcc61fddb25769

* Update index.bs
  by gmandyam
https://github.com/w3c/webauthn/commit/5e08a1d71eaab8703e9ee6ddd5ca59eb3607bf8e

* Merge pull request #924 from gmandyam/master

Modify Location Extension description
  by gmandyam
https://github.com/w3c/webauthn/commit/bcd08c6641e8ff3bb43b5ba8c23b0df81c602027

* Merge pull request #922 from w3c/issue-921-boolean-formatting

Fix formatting of Boolean values and type name
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/454985fd9477b1c4241cf8f8333ef34054279f22

* Merge branch 'master' into issue-898-update-fido-refs
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f9b5981a3ec09c2842df8f2c5e9f9431cac9dd4f

* Merge pull request #913 from w3c/issue-898-update-fido-refs

Update FIDO references to newer documents
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2c6faa8cad963a9dd2eacbb19022cdee4001a745

* Remove other unnecessary statements
  by Kim Paulhamus
https://github.com/w3c/webauthn/commit/8e7635112e375f2a5f862d34da188670ae829357

* Merge branch 'master' into issue-405-dfn-blocks
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d2505b4c949ae5978ff29e3a1412e9532a5e6640

* Merge branch 'master' into issue-613-hot-plugging-finish
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/25527753261d554425a4daac7302744e1ff6b5c6

* Merge branch 'master' into issue-613-hot-plugging-finish
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2fae2ed1f083232561134a6afa90f851c76e528

* Merge branch 'master' into issue-613-hot-plugging-finish
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c8f110d9765a2a9aeee2d68bcf7e1e9fd31f3ba8

* Create draft-jones-webauthn-secp256k1 to register secp256k1 curve and algorithm identifiers (#918)

Posted as https://tools.ietf.org/html/draft-jones-webauthn-secp256k1-00
  by Mike Jones
https://github.com/w3c/webauthn/commit/c24321f2eb778e880de14b463c5887915e758a95

* Merge pull request #908 from w3c/issue-454-inline-issue-2

Remove (probably) outdated inline issue 2
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c0757acd9f630774ce3d5ecf8d8e0fe93c6ab0

* Merge pull request #901 from w3c/issue-405-dfn-blocks

Adopt definition list markdown notation for dfn blocks
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0f5b3a806a9f8e2ff02207fd673e130db2bb0db2

* Merge pull request #910 from kpaulh/trim-extensions

Trim unnecessary step from appId extension
  by kpaulh
https://github.com/w3c/webauthn/commit/b455562d9c50af7fca0c753779d80f2c95784447

* Merge pull request #888 from herrjemand/patch-2

Fixed example with incorrect allowCredential. Improved existing examples
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3b706b2b1a47ce53de8ebfa74fd88d486143fee

* Merge pull request #900 from w3c/issue-613-hot-plugging-finish

Finish up hot-plugging algorithm language
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b0ca15fa82e531dadaba9fc49c8c7abf141ef4d5

* Address some of @equalsJeffH's review comments
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/990b892c9f8f15f6403a1665d48c5748e9bc38f5

* Reword definitions of |authenticators|
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b6b7e1ded0f64806da8a739f4879bc5edfc7c6f

* Merge pull request #940 from w3c/pr-900-post-merge-review

PR #900 post-merge review changes
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5cc9a6ac8cd9485ea3c23b40e9d230c11cfdaaaa

* Per Credential Signature Counters (#935)

* PerCredentialSignatureCounters

* shouldSHOULD
  by Akshay Kumar
https://github.com/w3c/webauthn/commit/f0acd1ade1ad27bccf52e85435ae7256f275d05d

* improve #936: existing linking lint (#944)

merging this editorial fixup PR...

* remove some dfn tags from section headers, improves issue #936

* tag occurrences of 'verification procedure' improves issue #936

* un-dfn DAA improves #936

* un-dfn non-attstn fmt, improves #936

* Review of PR #944 (#945)

* Replace old <dfn>s with links

* Eliminate <dfn> for "No attestation statement"

Since its text never appears again in the document, change the one link
to it to point to <dfn>None</dfn> instead.

* Add link to "none" attestation statement format from None attestation type
  by =JeffH
https://github.com/w3c/webauthn/commit/204da2313c68f13b1baef9442733491c94fe58b2

* Merge branch 'master' into issue-151-credential-portability
  by JeffH
https://github.com/w3c/webauthn/commit/2b6a12dbc0ee482e05ebc72ac86982563a2b2e10
Received on Tuesday, 12 June 2018 21:53:21 UTC
