[webauthn] new commits pushed by rlin1 from Rolf Lindemann via GitHub on 2019-06-05 (public-webauthn@w3.org from June 2019)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 05 Jun 2019 11:19:32 +0000
To: public-webauthn@w3.org
Message-ID: <push-014bc63556ff07ab552262542066a04f7f00b7f1-1559733569-sysbot+gh@w3.org>
The following commits were just pushed by rlin1 to https://github.com/w3c/webauthn:

* Clarify user identification in RP assertion verification operation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/175d9fc98be8d9bcc110bbe62e307ea784428cae

* Fix typo in figure 1
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/66573376668da60df4b631bd3212ccae5b85cb59

* Move text in Figure 1 to within bounding box
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d0397670a6ee2a9ccd0ae926adb2eea2c5a8d215

* Use "user handle mapped to user" language in user identification step
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9f1a5d348e541cfdb03422b8d169a12cedbee851

* Add examples of how user might be identified
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c19327d6f8646f16f50a19c101140f8fcc852922

* Fix typos in get() algorithm
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/24cd9df04448a794eb894eaa150a3b7467045eab

* In safetynet attestation "nonce" is base64, not base64url
  by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/7b487ffdac3a49bb09d2900f9a3e5fc8de874746

* Add the word "OPTIONAL" to `userVerification` field to match surrounding style.

Previously, `userVerification` was the only optional field of `PublicKeyCredentialRequestOptions` that didn't include the word "OPTIONAL", which can suggest at first glance that this field is not optional like the other optional ones. Adding the word is simple, and should avoid potential confusion.
  by Lucas Garron
https://github.com/w3c/webauthn/commit/0225a138b9a7bb9054de4c1b276f2403e9f7d80a

* Rewrite security consideration on attestation and MitM attacks
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/782c678493385ff7e91f7fa93f6346e5bba58727

* Note that attacker can replace the whole PublicKeyCredential object
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3ee0abed3f75a2de9080ca441319c192911071c5

* Rephrase part about higher attack difficulty with direct attestation types
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4e2f2d913cca4b5e27bd89d429b36a60f0e52f14

* update token binding citation (#1087)

* update token binding citation

* update tokbind ref to published RFC8471
  by =JeffH
https://github.com/w3c/webauthn/commit/0c513dfd6ced48656e39c5dd7b17c2e81aa5d789

* update token binding citation (#1087)

* update token binding citation

* update tokbind ref to published RFC8471
  by =JeffH
https://github.com/w3c/webauthn/commit/5643359a906fa137a2b03c74173a95cf3f7d4f08

* update token binding citation (#1087)

* update token binding citation

* update tokbind ref to published RFC8471
  by =JeffH
https://github.com/w3c/webauthn/commit/ddbd15a9ad347a04b6639576974c60362787ead0

* update token binding citation (#1087)

* update token binding citation

* update tokbind ref to published RFC8471
  by =JeffH
https://github.com/w3c/webauthn/commit/f77a1abe9a8866168b7152f97ede0eb8e53691a3

* update token binding citation (#1087)

* update token binding citation

* update tokbind ref to published RFC8471
  by =JeffH
https://github.com/w3c/webauthn/commit/bc195aad084d73e570c581b12f866caff60ec222

* May->might (#1103)

https://github.com/w3c/webauthn/issues/1098
  by Wendy Seltzer
https://github.com/w3c/webauthn/commit/742c773cbc20b3cafa22533916d2528ff87e1361

* Clarify UP and UV flags in authenticator data section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7afd02eac65a555f694ed3d7b7cecde51fbb104c

* Refine introduction to compliant authenticators (#1109)

* Refine introduction to compliant authenticators

* Link terms: Platform Authenticators, Roaming Authenticators

As suggested in
https://github.com/w3c/webauthn/pull/1109#pullrequestreview-175007665
  by Mike Jones
https://github.com/w3c/webauthn/commit/7b1ca9d43ac6c63fa753bd24a5446226728e21d9

* Refine FIDO Security Considerations language (#1110)
  by Mike Jones
https://github.com/w3c/webauthn/commit/44cd21e0b8049dd2ae37ba5db14f5c35b6ab7be3

* Merge pull request #1094 from lgarron/optional-userVerification

Add the word "OPTIONAL" to `userVerification` field to match surrounding style.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b2b114164460351a3e9941daf973ee63c3ea7950

* Merge pull request #1085 from w3c/issue-1084-figure-typo

Fix typo in Figure 1
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b5bbf56617c684c17dc750fcb51488caccea965

* Merge pull request #1113 from w3c/issue-1112-clarify-uv-up-flags

Clarify UP and UV flags in authenticator data section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8fd57e34f23f3322dcd62a4b469fbc0c24e62112

* Note that appid should be set to the previously used AppID
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/486eb7b12fb443c4eab6ae8795d81c8f27d48710

* Match text for identical verification steps

When verifying the registration response, we use different text than the identical step in verifying assertion. The hash is also referred/linked as 'RP ID Hash'  in the registration step text, rather than being referred/linked as the more helpful `rpIdHash`
  by Nick Steele
https://github.com/w3c/webauthn/commit/142cb066b67d4b9dc99e07990815645461ff6c64

* Fix typo in credential registration steps
  by Nick Steele
https://github.com/w3c/webauthn/commit/5b083f934c2a2c5989f134316245475e2777a8d3

* Merge pull request #1092 from w3c/issue-1089-extensions-argument-typo

Fix typos in get() algorithm
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b826ef655faac81f24e92f93f78f62606bd80cb

* Merge pull request #1119 from nicksteele/patch-1

Match text for identical verification steps
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f332dfe3dc31c9c336789812a8715c9eca24c38b

* Singularize Relying Parties' to Relying Party's
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b78f82a7582ed7090a3341f079df4475fa58108b

* Clarify user identification in RP assertion verification operation (#1082)

Merging per review during 9-Jan-19 call
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c537d1ce6c9e420496ce5fcedb21393fea621baa

* Singularize Relying Parties' to Relying Party's (#1126)
  by J.C. Jones
https://github.com/w3c/webauthn/commit/d0b1603b0eae2ff0168aac4127fa4611e6171942

* Merge pull request #1120 from nicksteele/patch-2

Fix typo in credential registration steps
  by J.C. Jones
https://github.com/w3c/webauthn/commit/c3ac19bac411e7bf92d43250bf07084404c011bd

* Merge pull request #1093 from herrjemand/patch-3

In safetynet attestation "nonce" is base64, not base64url
  by J.C. Jones
https://github.com/w3c/webauthn/commit/ad9bd4708bc64a05b2d34403061414a288f0c99c

* Remove extraneous newline
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/dafc308339f5e3875134ecb5d8b3dd87a9b67b26

* Add definition alias "WebAuthn Authenticator"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d5facf08f4696a6457a7a8ec2c8caf709a15207e

* Use WebAuthn Authenticator term where appropriate

- Existing occurrences of "WebAuthn authenticator"
- First occurrence of "authenticator" in each major section
  - except section 7 because the first occurrence is in one of the
    algorithm steps.
  - except section 8 because the first occurrence is in the second
    subsection.
  - except section 10 because the first occurrence is in the extension
    definitions.
  - except section 11 because the first occurrence is in an item in a
    bullet-point list.
  - except section 12 because the first occurrence is already linked to
    "first-factor roaming authenticator".
  - except section 14 because the first occurrence is in an item in a
    bullet-point list.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ca629756f3589c4bf17431156e13d5f362be9c21

* Add examples of authenticator types to Authenticator definition
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a68031ae0bf89875788289bc2b537e29ede993e1

* Use RFC2119 for defined extensions (#1134)
  by Philippe Le Hegaret
https://github.com/w3c/webauthn/commit/c610a95ac555ea86bb8eb52640b947bdc36e6c5d

* Let requireUserPresence always be true in authenticator operations

This fixes an oversight in commit
7f831e3c7ebf669041c6413acc8005c3efa0eb8b which causes it to be
technically allowed for the authenticator to return (UV = 1, UP = 0),
though the RP operations as currently specified would not accept such a
response.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d9de1254080f44244954f378828046108911afd1

* Fix android-safetynet trust path
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e09147554d84e808996344879f8d52791827ceaf

* Determine appid extension output after authenticator returns

This fixes the following corner case:

1. The user has a U2F authenticator A plugged in, which has been
   registered via the U2F API (i.e., with AppID).
2. The user has a CTAP2 authenticator B plugged in, which has been
   registered via the WebAuthn API (i.e., with RP ID).
3. The user initiates an authentication ceremony and the RP sets the
   `appid` extension.
4. The client runs the above client processing and discovers that
   authenticator A does not contain a credential for the RP ID, and
   retries with the AppID. This succeeds, and the client sets the
   extension's _output_ to `true`.
5. The client initiates authentication requests with both authenticator
   A and B, which both prompt the user for consent.
6. The user confirms user consent on authenticator B, which generates an
   assertion for the RP ID.
7. The client returns the assertion for the RP ID and the `appid` client
   extension output set to `true`.

So it was possible for the extension output to end up being `true` even
though the RP should verify the assertion using the RP ID and not the
AppID.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/776b7b14d6e8f64b101db7e92318c877c588e861

* Add None attestation case to RP ops registration step 16
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1091652cbc24048c6bb2529aaa6f35d0596d627f

* Merge branch 'master' into pr-1082-user-handle-mapped
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/443a5567315c47eb65d830e3d00ae6fffe732a92

* Update wording as suggested by @selfissued

See https://github.com/w3c/webauthn/pull/1091#discussion_r254050190
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/10e5b47e5fa84b57665708ca70f98c802abd3df7

* update spec to Level 2 (#1156)

Ok, since we had agreement on this week's call on doing this, am merging. 
fixes #1138 #1155
  by =JeffH
https://github.com/w3c/webauthn/commit/c5c29b0eaf3cf072fca263184ab4870c13ec1e00

* Recommend minimal basic attestation batches (#1141)
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b4a6110c20e7e03b526ad798aa1c8b6adff4bb4d

* Provide transport information during registration. (#1050)

* Provide transport information during registration.

This change adds a `getTransports` method to
`AuthenticatorAttestationResponse` that returns the
`AuthenticatorTransport` used to perform a registration, as well as
other transports that the user agent believes that the authenticator
supports.

Fixes #889
Fixes #851
See also #882

* Update in light of PR discussion.

[ went ahead and merged due to no objections to doing so ]
  by Adam Langley
https://github.com/w3c/webauthn/commit/11d549048ac5e462a4f9f44499032302adb29800

* Merge pull request #1145 from w3c/issue-1136-none-attestation-policy

Add None attestation case to RP ops registration step 16
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1909b5f0d0c85b1266cc9f04e0c31094972c4f6e

* Merge pull request #1091 from w3c/pr-1082-user-handle-mapped

Use "user handle mapped to user" language in user identification step
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/52d46854b4d02eddf8274ef5fdedecbe8994bf2b

* Fix incorrect description of AuthenticatorAttachment

Fixes #1153

See https://github.com/w3c/webauthn/issues/1153
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9e72ec30ca11f8b23e9f09c28daa635f4171b77b

* Move AuthenticatorAttachment description to before IDL definition

For consistency with other IDL definition sections.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/eae2c22f5bf8ba95e3c60de85bd954c5e13915ec

* Remove outdated hypothetical text addition
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d16d62204030f6757f8680d8362dbb261d0ae4f8

* Merge branch 'master' into issue-1128-webauthn-authenticator
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/df3eb9fd540886b943c60496d2d593c8601a0d33

* Merge pull request #1130 from w3c/issue-1128-webauthn-authenticator

Add "Webauthn Authenticator" definition alias
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b387399a38862919a7e3b2b3fb4c354785196e91

* Merge pull request #1142 from w3c/issue-1132-android-safetynet-trust-path

Fix android-safetynet trust path
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4c074692cdf1da862d494ca35c0c2b93dcad8258

* Fixed various links, including new TR link
  by plehegar
https://github.com/w3c/webauthn/commit/63640b3957d23a080462a6df4b723711bda7cfc9

* Use &mdash; instead of -
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b3ca189e18c43dd73f12057189041212a8bb1a40

* Merge pull request #1131 from w3c/issue-1128-authenticator-examples

Add examples of authenticator types to Authenticator definition
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7bc2f0366c10e44d90390f2c8942738ff2759625

* Clarify relationship to trust path in RP registration step 16
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/fca27b3cd5a1cbf610063193aa9e6abd7a6c5c8e

* Apply clarification to ECDAA as well
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b175880e638b2b8803c2371758c1b1f4f5463e1a

* Merge pull request #1140 from w3c/issue-1123-uv-up

Let requireUserPresence always be true in authenticator operations
  by J.C. Jones
https://github.com/w3c/webauthn/commit/26cf7c62581ec913a06be4eb9ea94807a0468a32

* Merge pull request #1143 from w3c/issue-1034-appid-output-corner-case

Determine appid extension output after authenticator returns
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4de25bb480f30dbca8e83381637a5e04872484fd

* Merge pull request #1118 from w3c/appid-note

Note that appid should be set to the previously used AppID
  by Adam Langley
https://github.com/w3c/webauthn/commit/11126e87846c1677f6f5bf56f33086b875ea5e66

* Move Angelo Liao to the Former Editors list (#1172)
  by Mike Jones
https://github.com/w3c/webauthn/commit/909b3c267babc181cdfc5d3aaf8b5033c5337703

*  update registries draft per issue #1176 (#1177)


* this is rev -02 of this Internet-Draft:

* update JeffH's affiliation

* add registry initialization instructions, update WebAuthn spec citation

* fixing up various things, add doc history entry

* provide erefs to dfns for attstn stmt fmt and extns idents, thx Giri!
  by =JeffH
https://github.com/w3c/webauthn/commit/3fc3b1e8a71bf3a9962e7257ffcc0789dcfae023

* Allow authenticators to do None instead of Self attestation

See issue #978

https://github.com/w3c/webauthn/issues/978
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/88695f49408f27b0da57fcdcafa737f6d53cf5f3

* fixup registries internet-draft's abstract (#1181)

* update JeffH's affiliation

* add registry initialization instructions, update WebAuthn spec citation

* fixing up various things, add doc history entry

* provide erefs to dfns for attstn stmt fmt and extns idents, thx Giri!

* this is rev -02

* fix abstract

* fix various editorial items

* regen .html & .txt files from .xml
  by =JeffH
https://github.com/w3c/webauthn/commit/ce2b94710b78395a8d8ba55ae94d9904b1741067

* Update isUVPAA() scenario to agree with spec
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f1b55b0a218d97ed015ceb7212a9b7ddacebfc05

* Fix grammar in section introduction
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bd67d132b143bfed4e55bd32ed3435d36bc58402

* Change prohibitions on PII in user handles to MUST.

Fixes #1146
  by Adam Langley
https://github.com/w3c/webauthn/commit/5fd36c6c8c180631c6b93192bd65190533aa61a5

* Update SafetyNet attestation description (#1170)

* Update SafetyNet attestation description

Use official SafetyNet documentation as a reference rather than trying to keep this text up to date.
Also update links to documentation

* Clarify "ver" in safetynet

Explain what do to do with "ver" during verification

* Fix typo

* fix more typoos

* typo fix

* Updated wording around 'ver'
  by Alexei Czeskis
https://github.com/w3c/webauthn/commit/66515ffaf9d5d4cfcc2e882d1852434f4f333f8a

* Merge pull request #1185 from agl/issue1146

Change prohibitions on PII in user handles to MUST.
  by Adam Langley
https://github.com/w3c/webauthn/commit/7c793d2e0355b245d184a0de172fda197e0292dd

* Merge pull request #1168 from w3c/issue-1167-clarify-trust-path

Clarify relationship to trust path in RP registration step 16
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8678b43688f4f2fda83bb69586011a800160fadc

* Revert change to new TR link

As suggested in
https://github.com/w3c/webauthn/pull/1161#issuecomment-474941638
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b8940315474bd52901df94a61532e5783128d977

* Revert "Revert change to new TR link"

This reverts commit b8940315474bd52901df94a61532e5783128d977.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5338dde6fade40ba89a759e10a7f0549c6d4263d

* Fix typo in Authentication example
  by Julian Tescher
https://github.com/w3c/webauthn/commit/982edc7d668ed86979179dc4bcb2a0a3a1f6ef84

* Linked attestation statement format term in Section 8.1 to its definition, and linked to section 8.1 from 6.4. Fixes #1179.
  by James Barclay
https://github.com/w3c/webauthn/commit/191e67897c8513c64dec3c96a74364c891ab1906

* Created linkable definition for WebAuthn Extensions and linked to it throughout the spec. Fixes #1180.
  by James Barclay
https://github.com/w3c/webauthn/commit/a946a09e07b59daef158b0c171baef7ff3563796

* Merge pull request #1159 from w3c/issue-1153-authenticatorattachment-description

Fix incorrect AuthenticatorAttachment description
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/882985377ab4b3daf3d4960bab45a8cae624fd25

* Merge pull request #1190 from jtescher/patch-1

Fix typo in Authentication example
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/871a1af48961938deeb3105a3af9ba300482579b

* Merge pull request #1186 from w3c/link-fixes-no-tr

Revert change to new TR link
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e02924d96d1579300df21027427e4335d8532adf

* Merge pull request #1182 from w3c/issue-978-self-attestation-not-required

Allow authenticators to do None instead of Self attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d76ddf59892c12087b18399b89bb95685671fd70

* Merge branch 'master' into link-fixes
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/703f495f5ff8093ed4015d2fa9bce02fbd41abec

* Addressed @emlun's comments about additional occurrences of WebAuthn extensions.
  by James Barclay
https://github.com/w3c/webauthn/commit/bd638f382a85363f754be7e33892ccf6de121d21

* Addressed @equalsJeffH's comment about linking to the packed attestation statement format, rather than the definition of attestation statement formats.
  by James Barclay
https://github.com/w3c/webauthn/commit/c3e38641d39113eec8d75a16fb55bba08f41560a

* Merge pull request #1161 from w3c/link-fixes

Fixed various links, including new TR link
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/49fe1bb791362c271b95573924aad75b69797a73

* Address review comments by @selfissued
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2a254776ccaca7195fb97160e39d019d54dbc694

* Point out that isUVPAA example ends if isUVPAA returns false
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/07b58d51007d33dca4e620b2c3d1a2e6346d0775

* Merge pull request #1184 from w3c/issue-1178-update-uvpaa-scenario

 Update isUVPAA() scenario to agree with spec
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2a68f5484246ddd44bb98c9a25568fb902e2159b

* Merge pull request #1192 from futureimperfect/link-attestation-statment-format

Linked attestation statement format term in Section 8.1 to its defini…
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0cd0ca30c16d8408d3d3d47d132f29950a22a2ac

* Merge pull request #1193 from futureimperfect/create-linkable-def-for-webauthn-exts

Created linkable definition for WebAuthn Extensions and linked to it …
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5d11e6255b85665d9faa8763e1de8c0fbac78826

* Merge branch 'master' into issue-1088-leap-of-faith
  by JeffH
https://github.com/w3c/webauthn/commit/d58c4ea368c4d6d56db9644bb3a3a7be94086a6a

* Accept suggestions from @equalsJeffH
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/12cd06a44449bb0375d2a6779830aaaacb6d35dc

* Add some embellishments to @equalsJeffH's suggestions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a70254ea523f33df3d3e52941016f89370dbe754

* Add considerations for string truncation.

Fixes #973.
  by Adam Langley
https://github.com/w3c/webauthn/commit/6f8a921f381806c5dbc709b3d553e5d2849b27dc

* Response to Emil's comments
  by Adam Langley
https://github.com/w3c/webauthn/commit/2af6b4fa4544ab247bd4bf495945b1f9db8937fc

* Address @equalsJeffH's review comment
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/447ef73752b207b9bee213fa019325f866d675c4

* Address @equalsJeffH's review comment
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a82ea4ca2f20a587562afbff3432a40c6b75e7ba

* Merge pull request #1095 from w3c/issue-1088-leap-of-faith

Rewrite security consideration on attestation and MitM attacks
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/cf1022f12852750d2452bad300646b4d76332e2d

* Addressing some of aphillips's comments
  by Adam Langley
https://github.com/w3c/webauthn/commit/d25dcb453b3d9981f06ec9a7f0fbf8565da87b09

* Initial proposal for modifications to resident key credential requirements (#1191)

* Initial proposal for modifications to resident key credential requirements to address
https://github.com/w3c/webauthn/issues/991

* No-op change to force re-check of ipr.

* Change back to IBM

* Resolve first round of feedback from @emlun

* Fix editorial issue reported by @emlun

* Add definition of non-resident credential and reference it in new ResidentKeyRequirement enum definitions.

* Rewrite resident key option handling as switch statements

* Incoporated meta-PR from @emlun and addressed current round of comments.

* Based on comments from WG call on 2019-04-03 (captured in https://github.com/w3c/webauthn/issues/991) I have changed the set of permitted ResidentKeyRequirement values back to one of discouraged, preferred, required.

* Updates based on review feedback and discussion of WG call on 2019-04-17.

* Address all review comments from week of April 17-24, 2019.

* Address feedback from @agl

* Minor update to credProps extension description per @emlun

* Addressed comments from @equalsJeffH

* Address a bunch of comments from @equalsJeffH that I missed in the conversation.

* Additional review fix from @equalsJeffH

* Fix minor typo spotted by @equalsJeffH

* build on credProps dfn to formalize authnr/client processing

* Minor edits to fix compile issue and grammar in the CredProps extension

* Per WebAuthn call on May 1, 2019, remove authenticator extension component of the new credProps exception.

* Address editorial comments from @emlun and @equalsJeffH

* Minor editorials from @emlun
  by Shane Weeden
https://github.com/w3c/webauthn/commit/9315c0aa2f66a5a72e25c81546f4e9e4d60a437f

* Update Authenticator Definition (#1195)

* Simplify WebAuthn Authenticator Definition

* Update with Emil's edits

* add Akshay edits

* remove 'for example' text

* Edit for Jeff's comments 

s/ownership/possession/

* Add Jeff's comments
  by Nick Steele
https://github.com/w3c/webauthn/commit/1b13d2e6127e65b178e718a0afc67d2515c08d8a

* Rearrange terminology to be ordered by the first of the term aliases

Fixes #1194

See https://github.com/w3c/webauthn/issues/1194
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/50bdd604d3977046ae6be48ef8804bcd488bc0e7

* Fix typo in PR #1195
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8d2b789cbdbd33d948e4dacd4e2ea8226a6bd61e

* Addressing Jeff's comments
  by Adam Langley
https://github.com/w3c/webauthn/commit/12763df35f0139dbde6ccdb99e812a3c7671db60

* Merge pull request #1209 from w3c/issue-1194-rearrange-terminology

Rearrange terminology to be ordered by the first of the term aliases
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/559743229a0a6a63d445c04b92db4b1ab688b8b6

* Polish client device definition as suggested by @equalsJeffH

See issue #1216:
https://github.com/w3c/webauthn/issues/1216

See review comment:
https://github.com/w3c/webauthn/pull/1209#discussion_r282260388
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/81c0dfd4200ca094c0fdf78e7c2d52353a3dccdf

* Remove explicit, and superfluous, prohibition on unpaired surrogates in UTF-8 data
  by Adam Langley
https://github.com/w3c/webauthn/commit/f041335347cc79b84b3d7da69fa91a3c7e7695ec

* Merge pull request #1213 from w3c/pr-1195-fix-typo

Fix typo in PR #1195
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ef80a25d0dd85619b5d447982bcad1192d1fb23e

* Merge pull request #1217 from w3c/issue-1216-polish-client-device

Polish client device definition as suggested by @equalsJeffH
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/6fb9fd340c761f758bc24fed3ef4827484be9a4c

* fix #1166: clarify extension input/output data type names (#1210)
  by =JeffH
https://github.com/w3c/webauthn/commit/5326083231c6d1a151d6e90e2e985475eabd898d

* Use consistent section id prefixes (#1212)

* Use section prefix sctn- consistently

* Use section ID prefix dictionary- for dictionary <dfn> sections

* Use section ID prefix enum- for enum <dfn> sections
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2a7528a216f74bd9380f9497e2216522e93b8987

* feature policy integration (#1214)

this improves #911 -- we'll look in to adding indication of framedness in WD-02

* feature-policy initial inclusion

* add 'allowed to use' to create/get algs

* grovel around fixing cross-ref linkage breakages

* polish linkages

* remove 'allowed to use', it belongs in credman

* polish Feature Policy integration

* oops, promises must return errors, not throw them

* add Note to isUVPAA() wrt rejecting if not 'allowed to use'
  by =JeffH
https://github.com/w3c/webauthn/commit/a6910a166fd9bee94d80218ab7e7c7786e53811c

* Merge pull request #1205 from agl/stringtruncation

Add considerations for string truncation.
  by Adam Langley
https://github.com/w3c/webauthn/commit/c9b1d4efd0be1e9d8da0388948d386eab9da673d

* Merge pull request #1187 from w3c/link-fixes-tr-level2

Revert "Revert change to new TR link"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/db94f4a72567ede161a26482c8ba3292e737b70d

* Merge branch 'master' into pass-through-other-assertion-formats
  by rlin1
https://github.com/w3c/webauthn/commit/014bc63556ff07ab552262542066a04f7f00b7f1
Received on Wednesday, 5 June 2019 11:19:34 UTC