- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 23 May 2018 12:04:09 +0000
- To: public-webauthn@w3.org
`$ git diff --ignore-all-space $(git merge-base master issue-613-hot-plugging-finish) issue-613-hot-plugging-finish`:
```
diff --git a/index.bs b/index.bs
index 9cc2c53..5af0577 100644
--- a/index.bs
+++ b/index.bs
@@ -870,17 +870,32 @@ When this method is invoked, the user agent MUST execute the following algorithm
[=AbortSignal/aborted flag=] is set to true, return a {{DOMException}} whose name is "{{AbortError}}"
and terminate this algorithm.
+1. Let |issuedRequests| be a new [=ordered set=].
+
+1. Let |authenticators| represent a [=set=] of platform-specific handles, where each value identifies an [=authenticator=]
+ presently available on this platform at a given instant.
+
+ Note: What qualifies an [=authenticator=] as "available" is intentionally unspecified; this is meant to represent how
+ [=authenticators=] can be hot-plugged into (e.g., via USB) or discovered (e.g., via NFC or Bluetooth) by the [=client=] by
+ various mechanisms, or permanently built into the [=client=].
+
1. Start |lifetimeTimer|.
-1. Let |issuedRequests| be a new [=ordered set=].
+1. [=While=] |lifetimeTimer| has not expired, perform the following actions depending upon |lifetimeTimer|,
+ and the state and response [=set/for each=] |authenticator| in |authenticators|:
+ <dl class="switch">
+ : If |lifetimeTimer| expires,
+ :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator|
+ and [=set/remove=] |authenticator| from |issuedRequests|.
-1. [=set/For each=] |authenticator| that becomes available on this platform during the lifetime of |lifetimeTimer|, do the
- following:
+ : If the <code>|options|.{{CredentialCreationOptions/signal}}</code> is [=present=] and its
+ [=AbortSignal/aborted flag=] is set to true,
+ :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=]
+ operation on |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|. Then return a {{DOMException}}
+ whose name is "{{AbortError}}" and terminate this algorithm.
- Issue: The definitions of "lifetime of" and "becomes available" are intended to represent how
- devices are hot-plugged into (USB) or discovered by (NFC) browsers, and are underspecified.
- Resolving this with good definitions or some other means will be addressed by resolving
- [Issue #613](https://github.com/w3c/webauthn/issues/613).
+ : If an |authenticator| becomes available on this platform,
+ :: Note: This includes if the |authenticator| was initially available when |lifetimeTimer| started.
1. If <code>|options|.{{PublicKeyCredentialCreationOptions/authenticatorSelection}}</code> is [=present=]:
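Review bot: |authenticators| is declared once, before the timer starts, as the set "presently available on this platform at a given instant", but the new While step then iterates "[=set/for each=] |authenticator| in |authenticators|" without saying when that set is re-read. State explicitly that |authenticators| is a live view re-evaluated throughout the loop, or drop the for-each wording and let the "becomes available" and "ceases to be available" cases carry the membership changes. The "If |lifetimeTimer| expires" case also sits inside a loop guarded by "|lifetimeTimer| has not expired"; a short note that the cases are evaluated as events would remove the apparent contradiction.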
@@ -940,18 +955,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. [=set/Append=] |authenticator| to |issuedRequests|.
-1. [=While=] |lifetimeTimer| has not expired, perform the following actions depending upon |lifetimeTimer| and responses from the
- authenticators:
- <dl class="switch">
- : If |lifetimeTimer| expires,
- :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator|
- and [=set/remove=] |authenticator| from |issuedRequests|.
-
- : If the <code>|options|.{{CredentialCreationOptions/signal}}</code> is [=present=] and its
- [=AbortSignal/aborted flag=] is set to true,
- :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=]
- operation on |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|. Then return a {{DOMException}}
- whose name is "{{AbortError}}" and terminate this algorithm.
+ : If an |authenticator| ceases to be available on this platform,
+ :: [=set/Remove=] |authenticator| from |issuedRequests|.
: If any |authenticator| returns a status indicating that the user cancelled the operation,
:: 1. [=set/Remove=] |authenticator| from |issuedRequests|.
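Review bot: The new "ceases to be available" case only removes |authenticator| from |issuedRequests|, whereas the timer-expiry and abort cases it replaces here invoke [=authenticatorCancel=] before removing. If that is deliberate because the device can no longer be reached, say so in a Note, and say what happens when the same authenticator becomes available again while |lifetimeTimer| is still running, since the "becomes available" case will then issue a fresh request to it.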
@@ -1200,17 +1205,34 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Let |issuedRequests| be a new [=ordered set=].
-1. Let |authenticator| be a platform-specific handle whose value identifies an [=authenticator=].
+1. Let |savedCredentialIds| be a new [=map=].
+
+1. Let |authenticators| represent a [=set=] of platform-specific handles, where each value identifies an [=authenticator=]
+ presently available on this platform at a given instant.
+
+ Note: What qualifies an [=authenticator=] as "available" is intentionally unspecified; this is meant to represent how
+ [=authenticators=] can be hot-plugged into (e.g., via USB) or discovered (e.g., via NFC or Bluetooth) by the [=client=] by
+ various mechanisms, or permanently built into the [=client=].
1. Start |lifetimeTimer|.
-1. [=set/For each=] |authenticator| that becomes available on this platform during the lifetime of
- |lifetimeTimer|, perform the following steps:
+1. [=While=] |lifetimeTimer| has not expired, perform the following actions depending upon |lifetimeTimer|,
+ and the state and response [=set/for each=] |authenticator| in |authenticators|:
- Issue: The definitions of "lifetime of" and "becomes available" are intended to represent how
- devices are hot-plugged into (USB) or discovered by (NFC) browsers, and are underspecified.
- Resolving this with good definitions or some other means will be addressed by resolving
- [Issue #613](https://github.com/w3c/webauthn/issues/613).
+ <dl class="switch">
+
+ : If |lifetimeTimer| expires,
+ :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on
+ |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|.
+
+ : If the {{CredentialRequestOptions/signal}} member is [=present=] and the [=AbortSignal/aborted flag=] is set to
+ true,
+ :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator|
+ and [=set/remove=] |authenticator| from |issuedRequests|. Then
+ return a {{DOMException}} whose name is "{{AbortError}}" and terminate this algorithm.
+
+ : If an |authenticator| becomes available on this platform,
+ :: Note: This includes if the |authenticator| was initially available when |lifetimeTimer| started.
1. If <code>|options|.{{PublicKeyCredentialRequestOptions/userVerification}}</code> is set to
{{UserVerificationRequirement/required}} and the |authenticator| is not capable of performing [=user verification=],
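Review bot: "Let |savedCredentialIds| be a new [=map=]" does not say what the map is keyed on or what it stores; the reader only learns that from a later step. Suggest declaring it as a map from authenticator handle to credential ID at this point. The Note on what "available" means is also repeated word for word from the create() algorithm earlier in this patch; defining it once and linking to it from both places would keep the two from drifting, and the abort case here ("the {{CredentialRequestOptions/signal}} member is [=present=]") could be worded the same way as its create() counterpart.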
@@ -1260,14 +1282,10 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Let |distinctTransports| be a new [=ordered set=].
- 1. If |allowCredentialDescriptorList| has exactly one value, let |savedCredentialId| be a new
- {{PublicKeyCredentialDescriptor}}.{{PublicKeyCredentialDescriptor/id}} and set its value to <code>|allowCredentialDescriptorList|[0].id</code>'s
+ 1. If |allowCredentialDescriptorList| has exactly one value, set
+ <code>|savedCredentialIds|[|authenticator|]</code> to <code>|allowCredentialDescriptorList|[0].id</code>'s
value (see [here](#authenticatorGetAssertion-return-values) in [[#op-get-assertion]] for more information).
- Issue: The foregoing step _may_ be incorrect, in that we are attempting to create |savedCredentialId|
- here and use it later below, and we do not have a global in which to allocate a place for it. Perhaps this
- is good enough? addendum: [@jcjones feels the above step is likely good enough](https://github.com/w3c/webauthn/pull/665#discussion_r148130187).
-
1. [=list/For each=] credential descriptor |C| in |allowCredentialDescriptorList|,
[=set/append=] each value, if any, of <code>|C|.{{transports}}</code> to |distinctTransports|.
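Review bot: The step that sets <code>|savedCredentialIds|[|authenticator|]</code> has no counterpart for the case where |allowCredentialDescriptorList| does not have exactly one value, yet the later "exists" test on the same entry depends on it being absent in that case. Add a sentence stating that no entry is created otherwise, and link the operation as [=map/set=] so it reads consistently with the [=set/append=] link two lines below.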
@@ -1304,20 +1322,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. [=set/Append=] |authenticator| to |issuedRequests|.
-1. [=While=] |lifetimeTimer| has not expired, perform the following actions depending upon |lifetimeTimer|
- and responses from the authenticators:
-
- <dl class="switch">
-
- : If |lifetimeTimer| expires,
- :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on
- |authenticator| and [=set/remove=] |authenticator| from |issuedRequests|.
-
- : If the {{CredentialRequestOptions/signal}} member is [=present=] and the [=AbortSignal/aborted flag=] is set to
- true,
- :: [=set/For each=] |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator|
- and [=set/remove=] |authenticator| from |issuedRequests|. Then
- return a {{DOMException}} whose name is "{{AbortError}}" and terminate this algorithm.
+ : If an |authenticator| ceases to be available on this platform,
+ :: [=set/Remove=] |authenticator| from |issuedRequests|.
: If any |authenticator| returns a status indicating that the user cancelled the operation,
:: 1. [=set/Remove=] |authenticator| from |issuedRequests|.
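Review bot: In the get() algorithm the "ceases to be available" case removes |authenticator| from |issuedRequests| but leaves any <code>|savedCredentialIds|[|authenticator|]</code> entry in place. Since [=credentialIdResult=] is taken from that entry whenever it exists, suggest also removing the entry here so the map only ever holds values for authenticators with an outstanding request.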
@@ -1336,10 +1342,10 @@ When this method is invoked, the user agent MUST execute the following algorithm
1. Let <var ignore>assertionCreationData</var> be a [=struct=] whose [=items=] are:
: <code><dfn for="assertionCreationData">credentialIdResult</code>
- :: If |savedCredentialId| exists, set the value of [=credentialIdResult=] to be the bytes of
- |savedCredentialId|. Otherwise, set the value of [=credentialIdResult=] to be the bytes of the
- [=credential ID=] returned from the successful [=authenticatorGetAssertion=] operation, as defined in
- [[#op-get-assertion]].
+ :: If <code>|savedCredentialIds|[|authenticator|]</code> exists, set the value of [=credentialIdResult=] to be
+ the bytes of <code>|savedCredentialIds|[|authenticator|]</code>. Otherwise, set the value of
+ [=credentialIdResult=] to be the bytes of the [=credential ID=] returned from the successful
+ [=authenticatorGetAssertion=] operation, as defined in [[#op-get-assertion]].
: <code><dfn for="assertionCreationData">clientDataJSONResult</dfn></code>
:: whose value is the bytes of |clientDataJSON|.
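Review bot: In the [=credentialIdResult=] item, <code>|savedCredentialIds|[|authenticator|]</code> does not say which |authenticator| is meant now that several may have outstanding requests. The key selects the credential ID returned to the caller, so spell out that it is the authenticator whose [=authenticatorGetAssertion=] operation succeeded. The context line just above also opens <code>&lt;dfn for="assertionCreationData"&gt;</code> without a closing tag, unlike the clientDataJSONResult line; worth fixing while this item is being edited.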
```
--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/900#issuecomment-391322185 using your GitHub account
Received on Wednesday, 23 May 2018 12:04:17 UTC