[webauthn] Pull Request: Finish up hot-plugging algorithm language

emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Finish up hot-plugging algorithm language ==
This fixes #613.

This makes changes to the client algorithms, so it could technically be construed as breaking, but in practice this should be more of an editorial re-wording that still agrees with what implementations actually do. At least, that is the intent.

- This merges the previous step 19 of [makeCredential][mc] in as a switch case of step 20, and the previous step 18 of [getAssertion][ga] in as a switch case of step 19. This way there is only one step in each algorithm that tries to express things to do asynchronously for the duration of the timer.

- The inline `Issue:`s mentioning underspecified behaviour are replaced with descriptions of an abstract "set of presently available authenticators" and `Note:`s indicating that this is intentionally underspecified and meant to represent different connection and discovery mechanisms all in one.

- This also swaps the order of the previous steps 17 ("Start _lifetimeTimer_.") and 18 ("Let _issuedRequests_ be a new ordered set") of [makeCredential][mc], for consistency with [getAssertion][ga] and so that the step "Start _lifetimeTimer_." immediately precedes the step "While _lifetimeTimer_ has not expired [...]".

- This also fixes the `Issue:` about the incorrect scope of _savedCredentialId_ in [getAssertion]. This variable is replaced by a top-level _savedCredentialIds_ variable containing a map of <i>authenticator</i>s to credential IDs, to preserve the previous scoping of the _savedCredential_ variable to a specific _authenticator_.

[mc]: https://w3c.github.io/webauthn/#createCredential
[ga]: https://w3c.github.io/webauthn/#getAssertion

See https://github.com/w3c/webauthn/pull/900

Received on Wednesday, 9 May 2018 16:47:56 UTC