[w3c/webauthn] 486eb7: Note that appid should be set to the previously us...

From: =JeffH <noreply@github.com>
Date: Mon, 11 Mar 2019 14:56:17 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/jeffh-fix-1176-update-registries-draft/c39a35-86a43b@github.com>
  Branch: refs/heads/jeffh-fix-1176-update-registries-draft
  Home:   https://github.com/w3c/webauthn
  Commit: 486eb7b12fb443c4eab6ae8795d81c8f27d48710
      https://github.com/w3c/webauthn/commit/486eb7b12fb443c4eab6ae8795d81c8f27d48710
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-12-12 (Wed, 12 Dec 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Note that appid should be set to the previously used AppID


  Commit: dafc308339f5e3875134ecb5d8b3dd87a9b67b26
      https://github.com/w3c/webauthn/commit/dafc308339f5e3875134ecb5d8b3dd87a9b67b26
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2019-01-09 (Wed, 09 Jan 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Remove extraneous newline


  Commit: d9de1254080f44244954f378828046108911afd1
      https://github.com/w3c/webauthn/commit/d9de1254080f44244954f378828046108911afd1
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2019-01-18 (Fri, 18 Jan 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Let requireUserPresence always be true in authenticator operations

This fixes an oversight in commit
7f831e3c7ebf669041c6413acc8005c3efa0eb8b which causes it to be
technically allowed for the authenticator to return (UV = 1, UP = 0),
though the RP operations as currently specified would not accept such a
response.


  Commit: 776b7b14d6e8f64b101db7e92318c877c588e861
      https://github.com/w3c/webauthn/commit/776b7b14d6e8f64b101db7e92318c877c588e861
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2019-01-18 (Fri, 18 Jan 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Determine appid extension output after authenticator returns

This fixes the following corner case:

1. The user has a U2F authenticator A plugged in, which has been
   registered via the U2F API (i.e., with AppID).
2. The user has a CTAP2 authenticator B plugged in, which has been
   registered via the WebAuthn API (i.e., with RP ID).
3. The user initiates an authentication ceremony and the RP sets the
   `appid` extension.
4. The client runs the above client processing and discovers that
   authenticator A does not contain a credential for the RP ID, and
   retries with the AppID. This succeeds, and the client sets the
   extension's _output_ to `true`.
5. The client initiates authentication requests with both authenticator
   A and B, which both prompt the user for consent.
6. The user confirms user consent on authenticator B, which generates an
   assertion for the RP ID.
7. The client returns the assertion for the RP ID and the `appid` client
   extension output set to `true`.

So it was possible for the extension output to end up being `true` even
though the RP should verify the assertion using the RP ID and not the
AppID.


  Commit: 26cf7c62581ec913a06be4eb9ea94807a0468a32
      https://github.com/w3c/webauthn/commit/26cf7c62581ec913a06be4eb9ea94807a0468a32
  Author: J.C. Jones <james.jc.jones@gmail.com>
  Date:   2019-03-07 (Thu, 07 Mar 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #1140 from w3c/issue-1123-uv-up

Let requireUserPresence always be true in authenticator operations


  Commit: 4de25bb480f30dbca8e83381637a5e04872484fd
      https://github.com/w3c/webauthn/commit/4de25bb480f30dbca8e83381637a5e04872484fd
  Author: Emil Lundberg <emil@emlun.se>
  Date:   2019-03-07 (Thu, 07 Mar 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #1143 from w3c/issue-1034-appid-output-corner-case

Determine appid extension output after authenticator returns


  Commit: 11126e87846c1677f6f5bf56f33086b875ea5e66
      https://github.com/w3c/webauthn/commit/11126e87846c1677f6f5bf56f33086b875ea5e66
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2019-03-07 (Thu, 07 Mar 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #1118 from w3c/appid-note

Note that appid should be set to the previously used AppID


  Commit: 909b3c267babc181cdfc5d3aaf8b5033c5337703
      https://github.com/w3c/webauthn/commit/909b3c267babc181cdfc5d3aaf8b5033c5337703
  Author: Mike Jones <Michael.Jones@microsoft.com>
  Date:   2019-03-07 (Thu, 07 Mar 2019)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Move Angelo Liao to the Former Editors list (#1172)


  Commit: 3fc3b1e8a71bf3a9962e7257ffcc0789dcfae023
      https://github.com/w3c/webauthn/commit/3fc3b1e8a71bf3a9962e7257ffcc0789dcfae023
  Author: =JeffH <jdhodges@google.com>
  Date:   2019-03-11 (Mon, 11 Mar 2019)

  Changed paths:
    M draft-hodges-webauthn-registries.html
    M draft-hodges-webauthn-registries.txt
    M draft-hodges-webauthn-registries.xml

  Log Message:
  -----------
   update registries draft per issue #1176 (#1177)


* this is rev -02 of this Internet-Draft:

* update JeffH's affiliation

* add registry initialization instructions, update WebAuthn spec citation

* fixing up various things, add doc history entry

* provide erefs to dfns for attstn stmt fmt and extns idents, thx Giri!


  Commit: 86a43b130858f80c7828970a9019d3e7673f8825
      https://github.com/w3c/webauthn/commit/86a43b130858f80c7828970a9019d3e7673f8825
  Author: JeffH <jdhodges@google.com>
  Date:   2019-03-11 (Mon, 11 Mar 2019)

  Changed paths:
    M draft-hodges-webauthn-registries.html
    M draft-hodges-webauthn-registries.xml
    M index.bs

  Log Message:
  -----------
  merge from master, fix conflicts


Compare: https://github.com/w3c/webauthn/compare/c39a35da00a2...86a43b130858
Received on Monday, 11 March 2019 21:56:39 UTC
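
The corner case from commit 776b7b1 ("Determine appid extension output after authenticator returns"), modeled as an added example that is not code from the commits or the specification. It contrasts deciding the `appid` output before and after the authenticator returns, then applies the RP-side rule that the expected `rpIdHash` is the hash of the AppID only when the output is `true`. The RP ID, AppID, authenticator records and function names are constructed assumptions.

```python
import hashlib

RP_ID = "example.com"                       # constructed RP ID
APP_ID = "https://example.com/appid.json"   # constructed legacy U2F AppID

def sha256(value):
    return hashlib.sha256(value.encode()).digest()

# Constructed authenticators: each holds one credential scoped to one identifier.
AUTH_A = {"name": "A (U2F)", "scope": APP_ID}    # registered via the U2F API
AUTH_B = {"name": "B (CTAP2)", "scope": RP_ID}   # registered via the WebAuthn API

def assertion_from(auth):
    """The rpIdHash an authenticator signs over: the hash of its credential's scope."""
    return {"rpIdHash": sha256(auth["scope"])}

def client_before_fix(authenticators, responder):
    """Output is decided while probing authenticators, before any of them responds."""
    appid_output = any(a["scope"] == APP_ID for a in authenticators)
    return assertion_from(responder), appid_output

def client_after_fix(authenticators, responder):
    """Output is decided from the authenticator that actually returned the assertion."""
    assert responder in authenticators
    return assertion_from(responder), responder["scope"] == APP_ID

def rp_verify(assertion, appid_output):
    """RP check: expect SHA-256(AppID) only when the client reported appid == true."""
    expected = sha256(APP_ID if appid_output else RP_ID)
    return assertion["rpIdHash"] == expected

def corner_case():
    """Both authenticators plugged in; the user confirms on authenticator B."""
    plugged_in = [AUTH_A, AUTH_B]
    return {
        "before_fix": rp_verify(*client_before_fix(plugged_in, AUTH_B)),
        "after_fix": rp_verify(*client_after_fix(plugged_in, AUTH_B)),
        "after_fix_u2f": rp_verify(*client_after_fix(plugged_in, AUTH_A)),
    }

if __name__ == "__main__":
    print(corner_case())
```

An RP that trusts the extension output will compare against the wrong hash in the `before_fix` case, so a mismatch between the reported output and the `rpIdHash` actually received is worth logging when supporting clients that predate the fix.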
