W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2020

[webauthn] Merged Pull Request: Add more requirements for ClientDataJSON serialisation.

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 29 Apr 2020 19:11:59 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-379252468-1588187518-sysbot+gh@w3.org>
equalsJeffH has just merged agl's pull request 1375 for https://github.com/w3c/webauthn:

== Add more requirements for ClientDataJSON serialisation. ==
ClientDataJSON is currently defined to be the JSON encoding of the
CollectedClientData. This implies that validators require a full JSON
parsing library to check needed entries in the ClientDataJSON such as
the challenge, type, and origin.

This is a problematic dependency in some cases. This change seeks to
address that by being stricter about the encoding, while still
generating JSON. Thus existing validators do not need to change but
those Relying Parties' webapps that are willing to require the use recent 
WebAuthn-implementing browsers can avoid the full generality of JSON.


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/1375.html" title="Last updated on Apr 29, 2020, 6:40 PM UTC (d4300ee)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1375/dbff4e5...agl:d4300ee.html" title="Last updated on Apr 29, 2020, 6:40 PM UTC (d4300ee)">Diff</a>

See https://github.com/w3c/webauthn/pull/1375
Received on Wednesday, 29 April 2020 19:12:01 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC