[w3c/webauthn] d53066: Add more requirements for ClientDataJSON serialisa... from Adam Langley on 2020-04-29 (public-webauthn@w3.org from April 2020)

From: Adam Langley <noreply@github.com>
Date: Wed, 29 Apr 2020 12:12:13 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/master/b44009-d53066@github.com>

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: d5306690bf8000c98421319a21416b22d735ad8a
      https://github.com/w3c/webauthn/commit/d5306690bf8000c98421319a21416b22d735ad8a
  Author: Adam Langley <agl@google.com>
  Date:   2020-04-29 (Wed, 29 Apr 2020)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Add more requirements for ClientDataJSON serialisation. (#1375)

* Add more requirements for ClientDataJSON serialisation.

ClientDataJSON is currently defined to be the JSON encoding of the
CollectedClientData. This implies that validators require a full JSON
parsing library to check needed entries in the ClientDataJSON such as
the challenge, type, and origin.

This is a problematic dependency in some cases. This change seeks to
address that by being stricter about the encoding, while still
generating JSON. Thus existing validators do not need to change but
those willing to require recent WebAuthn-implementing browsers can avoid
the full generality of JSON.

* Address various comments.

* Apply suggestions from code review

Apply Jeff's suggestions

Co-Authored-By: =JeffH <jdhodges@google.com>

* incorp jcjones' feedback, thx!

Co-authored-by: =JeffH <jdhodges@google.com>

Received on Wednesday, 29 April 2020 19:12:25 UTC