- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 26 Jun 2018 18:38:02 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by emlun to https://github.com/w3c/webauthn: * Document prevention of attacks on privacy by Emil Lundberg https://github.com/w3c/webauthn/commit/10e12d0bfffa8d5cf6980425e90766d66050ff0d * Reference §14.4 in §14.2 by Emil Lundberg https://github.com/w3c/webauthn/commit/6a83ec06d619aedee05d1f9892f453689b6fcb1b * Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable. As discussed on the issue, implementations appear to be converging on implementing this call without prompting the user and returning immediately. The wording in this section is loose enough that implementations that wish to continue using a timeout can find enough slack to do so, but this change removes the firm suggestion to do so. Also, align the spacing of “Promise<T>” to match the style used elsewhere in the W3C specs. Fixes #575 by Adam Langley https://github.com/w3c/webauthn/commit/f55c4c3a38ef18349b1feb91f8763875c39758d5 * Eliminate the “not-supported” option for tokenBinding.status The tokenBinding member is optional so this created two different ways to encode that tokenBinding wasn't supported: omitting tokenBinding completely and including it with status = “not-supported”. This change eliminates the second option. This matches Firefox's current behaviour and Chrome will align. Fixes #907. by Adam Langley https://github.com/w3c/webauthn/commit/df81b61d660079345c1e40afc2762ea812db96f0 * Specify the meaning of omitting tokenBinding. by Adam Langley https://github.com/w3c/webauthn/commit/31aed6629c957829466415ad62d93e2210524e3f * Address @selfissued's review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/0b3e939f9142a1b7c8d1edb9d9c0e354cfbc9866 * Remove confirmation prompt from isUserVerifyingPlatformAuthenticatorAvailable() See: - https://github.com/w3c/webauthn/issues/575#issuecomment-386059592 - https://github.com/w3c/webauthn/issues/575#issuecomment-386650507 - https://github.com/w3c/webauthn/issues/575#issuecomment-393134099 by Emil Lundberg https://github.com/w3c/webauthn/commit/ad22fce9fbe6685490dd767bb52445e600c9af88 * Merge branch 'master' into issue907 by Adam Langley https://github.com/w3c/webauthn/commit/0db8a61125c6dbb88474207123e34e1742f666cc * Merge pull request #1 from w3c/issue575-remove-consent-prompt Remove confirmation prompt from isUVPAA by Adam Langley https://github.com/w3c/webauthn/commit/82b6b3732eee66d37672454ea59fb93eb608bc6b * Merge branch 'master' into issue575 by Adam Langley https://github.com/w3c/webauthn/commit/06db112d81e09878257e54e7febaabe16f4a89e6 * Change “optional” to “OPTIONAL”. by Adam Langley https://github.com/w3c/webauthn/commit/802ddec2c7b0bdcbe01bdd2b89715bd4043f5cd9 * Address some review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/f97fb77e80ee38f1ab8bb71463c7342e357435c4 * Change "human being" to "natural person" and link to Wikipedia by Emil Lundberg https://github.com/w3c/webauthn/commit/a510bbfaabec0b6c6e433cae6bae515fbe829137 * Address the rest of @equalsJeffH's review comments by Emil Lundberg https://github.com/w3c/webauthn/commit/b78943880492bb4d57e774af02906d16fad06305 * Add @equalsJeffH's rewording by Emil Lundberg https://github.com/w3c/webauthn/commit/b136ba2d483c6e5a7905b1ca8a3d9714a9dd5cef * Clarify difference between |x5c| and |aikCert| in TPM attstmt verification by Emil Lundberg https://github.com/w3c/webauthn/commit/fd73fa51b2f996ac58ab0ffddcb670ef3025088a * Clarify difference between |x5c| and |attestnCert| in Packed attstmt verification by Emil Lundberg https://github.com/w3c/webauthn/commit/b7f7fb47ff082baf5977cbc60af2d1748b86860a * Merge remote-tracking branch 'origin/master' into issue907 by Adam Langley https://github.com/w3c/webauthn/commit/7ef6a96e22c8e1b4a3773e0ac87e1a6174109257 * Merge remote-tracking branch 'origin/master' into issue575 by Adam Langley https://github.com/w3c/webauthn/commit/1678bbc8e6a6c63f06af909aad451fec8897d52b * Merge pull request #914 from agl/issue907 Eliminate the “not-supported” option for tokenBinding.status by Adam Langley https://github.com/w3c/webauthn/commit/a68f1a9256a7d73a71e68cec7d45f280dc46f033 * Merge pull request #904 from agl/issue575 Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable by Adam Langley https://github.com/w3c/webauthn/commit/2d669ded704e8adffd6e1fe981bd46bbb40650ab * Delete hardline statement about trust requirement for UV See discussion in https://github.com/w3c/webauthn/pull/899#discussion_r195171633 by Emil Lundberg https://github.com/w3c/webauthn/commit/1e0471f6ca63ec4d20b2bbca107b0bc08ec91a4b * Revert "Change "human being" to "natural person" and link to Wikipedia" This reverts commit a510bbfaabec0b6c6e433cae6bae515fbe829137. by Emil Lundberg https://github.com/w3c/webauthn/commit/48d6579f37e1ad5eb9ada299255c62a1151ce680 * Specify extension types in listing instead of prose (#941) * Specify extension type in listing instead of prose * Change listing heading from "Extension type" to "Operation applicability" * Always capitalize Authentication in this context by Emil Lundberg https://github.com/w3c/webauthn/commit/10b27b671d42b437f0ce1bc3050f43f85a28d1db * Merge pull request #899 from w3c/issue-743-de-anon-priv-cons Document prevention of attacks on privacy by Emil Lundberg https://github.com/w3c/webauthn/commit/2b5246585fe1703cf13775275dba575126edb99a * Merge pull request #952 from w3c/issue-950-tpm-verification-clarity Improve clarity of |x5c| in packed and tpm attstmt verification procedures by Emil Lundberg https://github.com/w3c/webauthn/commit/b4e3fcc9b35584bc45fd83460c593620d25ae380 * Merge branch 'master' into authenticator-taxonomy by Emil Lundberg https://github.com/w3c/webauthn/commit/3766649f894ef76d3a17ddc0def7220a7d2fb010
Received on Tuesday, 26 June 2018 18:38:06 UTC