- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Mon, 15 Jun 2020 17:35:45 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn: * Update index.bs Add lightning transport Fixes #1261 by John Bradley https://github.com/w3c/webauthn/commit/fb17d3d1f2e8c399c483bdbaae3a69cfd8b7071f * Update index.bs Fix missing comma by John Bradley https://github.com/w3c/webauthn/commit/6661d22737f2e8c74dc777f68b501d13849acdab * Remove note about UV verifying the same user in get() as in create() by Emil Lundberg https://github.com/w3c/webauthn/commit/cd52169c863c0537cf35cbc8c75959b10c3f6344 * Clarify assumptions about single-user authenticators and relation to UV by Emil Lundberg https://github.com/w3c/webauthn/commit/7ec1c1d9d479eec2e13b59352d4e466068407b99 * Incorporate suggestion by @FabianHenneke by Emil Lundberg https://github.com/w3c/webauthn/commit/101146b9f9bf1b1fcb2c01768321ceac2c5ef1e9 * Update CDDL reference by Emil Lundberg https://github.com/w3c/webauthn/commit/562cafb89d9bc93478a07de1c8f514f0ce988372 * Enhance spec roadmap section by Emil Lundberg https://github.com/w3c/webauthn/commit/10cc310bd8df741c1d4f467f15758fd86a2291be * Link to security/privacy considerations in spec roadmap by Emil Lundberg https://github.com/w3c/webauthn/commit/f67c44ba9ea391622c6c7903e61b737720e6336c * Add batch attestation as alias of basic attestation by Emil Lundberg https://github.com/w3c/webauthn/commit/35c25de126b7c3bc639c7efd1c7d4ea8ee3dd1cc * Add explanatory note to step 3 in authenticatorMakeCredential by Emil Lundberg https://github.com/w3c/webauthn/commit/50a22e4bb3730c1e83f2503c52511eaedffb2a0e * Explicitly mention running over TLS in WebAuthn API intro by Emil Lundberg https://github.com/w3c/webauthn/commit/243d8f7598a425e99b4a2b7e699372e9fefbb672 * Add definition link to "bound" term by Emil Lundberg https://github.com/w3c/webauthn/commit/b58f3a308be5d26e7401ca7813da2ccfebd17d47 * feature policy integ: add link to (#1328) by =JeffH https://github.com/w3c/webauthn/commit/a1d4e065943ad6541475279907fae35ecd6554e7 * Update note in RP definition to indicate that non-WebAuthn FIDO clients MAY use origin values that are different than those specified for WebAuthn. by Shane Weeden https://github.com/w3c/webauthn/commit/09f59c6b515e27ae17194485edb3db19fb688c35 * Merge pull request #1320 from w3c/issue-1206-cddl-ref Update CDDL reference by Emil Lundberg https://github.com/w3c/webauthn/commit/831fca24174e1be656696d2f699eaedc075600f5 * Merge pull request #1321 from w3c/issue-1100-spec-roadmap Enhance spec roadmap section by Emil Lundberg https://github.com/w3c/webauthn/commit/597abf93b0553b96e41b0f8280e29548a8a37851 * Merge pull request #1313 from w3c/issue-1305-uv-same-user Clarify assumptions about single-user authenticator and relation to UV by J.C. Jones https://github.com/w3c/webauthn/commit/688582582e6c7fc85d74b2ac5ce110a4b1f0dc50 * Merge pull request #1325 from w3c/issue-1260-batch-attestation Add batch attestation as alias of basic attestation by Emil Lundberg https://github.com/w3c/webauthn/commit/904e09e396fe883d14678f56cf0abf1a0cc345a6 * Merge pull request #1326 from w3c/issue-1133-makecred-authorize-collision-disclosure Add explanatory note to step 3 in authenticatorMakeCredential by Emil Lundberg https://github.com/w3c/webauthn/commit/288cf58bed6d7967fd995d830ebf54cc50989efa * Merge pull request #1327 from w3c/issue-1201-tls Explicitly mention running over TLS in WebAuthn API intro by Emil Lundberg https://github.com/w3c/webauthn/commit/fc62216d8a9f50faf0eca5bbf7dbe9abe11c812f * Update timeout examples to better agree with guidelines by Emil Lundberg https://github.com/w3c/webauthn/commit/4ec28b3c23e4406538e3148f09903e7e5d7200a3 * Fix off-by-factor-10 timeout example by Emil Lundberg https://github.com/w3c/webauthn/commit/f8c13cb2fad6663dcc8df2f94951fd551c676fd8 * Add explicit UV argument to registration example by Emil Lundberg https://github.com/w3c/webauthn/commit/235385cd007cd9d6b4efdc141ab9e2fb0b56d0b9 * Merge pull request #1319 from w3c/issue-1317-timeout-examples Update timeout examples to better agree with guidelines by Emil Lundberg https://github.com/w3c/webauthn/commit/5dbea683ac4651254896c9080cbf7136d5944f52 * Truncate strings for authenticators where needed. (#1316) * Truncate strings for authenticators where needed. There exist a significant number of authenticators that do not conform to the current WebAuthn requirements in that they fail requests with name/displayName strings longer than 64 bytes, rather than truncating them. This change adds a new requirement on user-agents that they maintain the authenticator model for RPs by doing the truncation on their behalf in this case. The alternative is that each RP will hit this edge-case and do the truncation itself, thus the ecosystem will never be able to support longer strings. Since user-agents may now be doing truncation, this change also permits truncation at the level of grapheme clusters (since user-agents presumably have Unicode tables available). Fixes #1296. * Address Jeff and Emil's comments. by Adam Langley https://github.com/w3c/webauthn/commit/428bf827db5fa8d45865fcce7a41427bf910ee2f * Create a way to reference the following figure (#1323) * Address Jeff and Emil's comments. * Create a way to reference the following figure. The fact that we have to keep the figure numbers in sync manually annoyed me. Bikeshed isn't helping out here so I don't see a way to avoid this for long-range links, but this change eliminates the need to manually maintain some of the absolute numbers by providing a way to insert the number of the following figure when the reference and figure are close by. by Adam Langley https://github.com/w3c/webauthn/commit/97411db5d75aa041cffb304e89cbcd39781ae498 * Minor updates based on reviewer feedback. by Shane Weeden https://github.com/w3c/webauthn/commit/a14e11d84eb916a7379b8235750e143d219daee0 * Use CSS numbering for table references too (#1324) * Generate "Figure" text in .figure-num-following * Rename .figure-num-* to .figure-ref-* Since the CSS rule now also generates the "Figure" text, not just the number. * Use CSS counter for table number references too * Revert "Rename .figure-num-* to .figure-ref-*" This reverts commit ffde79d01a1353fd1e70742658038b0ba7695db9. * Revert "Generate "Figure" text in .figure-num-following" This reverts commit e4f3f0c4a317d7c7f4ca47aeb8496dbe94bc3175. * Move "Table " text out from CSS rules When generated by the CSS rules, the "Table" text is not searchable by the "find in page" tool in browsers. * Unbreak <figcaption>s for tables by Emil Lundberg https://github.com/w3c/webauthn/commit/88468caec499992ccbafafc8b9ca3f746d3eb8dc * Merge pull request #1332 from w3c/sbweeden_issue_1297 Update note in RP definition to indicate that non-WebAuthn FIDO clien… by Shane Weeden https://github.com/w3c/webauthn/commit/df1808614580fc73dbdcd40992f1d10706e330d2 * name the protocol (#1335) * name the protocol * fix annoying interstitial space by =JeffH https://github.com/w3c/webauthn/commit/03f840658c7667029e9a20dcce8989cd5bad0fa9 * Fix #1285 - Remove icons from PublicKeyCredentialEntity As discussed in issue #1285, the image URL fields for PublicKeyCredentialEntity, while intended for user interface design, are potent correlation mechanisms if they are downloaded by RPs. RPs would have to take extraordinary care, beyond reasonable measures, to avoid uses by RPs with mal-intent to cross-correlate accounts. It is better for User Agents to use existing origin/icon mechanisms for their UX designs, or to define new such mechanisms as-needed, that are origin-wide rather than provide the possibility to embed detailed tracking information into these URLs. by J.C. Jones https://github.com/w3c/webauthn/commit/dbcf596676749e996cf02dfb2afc0685e7861c0f * Merge pull request #1337 from jcjones/1285-image_deprecation Fix #1285 - Remove icons from PublicKeyCredentialEntity by J.C. Jones https://github.com/w3c/webauthn/commit/28e8d9d1e5e69470e052b2dcc427a6fa4c50efa9 * Reduce duplicated terminology (#1334) * Move Assertion def in as an alias under Authentication Assertion * De-duplicate attestation key/cert terms * Replace "platform-provided authenticator" with "platform authenticator" * Replace "internal authenticator" with "platform authenticator" * Add links to [=client data=] * Add links to [=credential public key=] and [=attestedCredentialData=] * Replace "associated with" with "of" * Define [=WebAuthn signature=] * Add links to [=attestation signature=] * De-duplicate "authentication signature" * Add links to [=authorization gesture=] by Emil Lundberg https://github.com/w3c/webauthn/commit/e48cb03ccae8ebee7a741f8c15d7e38eb223892e * reverting and restoring automation section et al... (#1340) by =JeffH https://github.com/w3c/webauthn/commit/2e18951ae7065ebce09854131517d3c5bf1f19eb * add indication of cross-origin operation in `collectedClientData` (#1276) * change sameOriginWithAncestors to crossOrigin, add the latter to CollectedClientData * minor editorial * revert back to sameOriginWithAncestors * evauated -> evaluated Co-Authored-By: Emil Lundberg <emil@yubico.com> * one more time: evauated -> evaluated by =JeffH https://github.com/w3c/webauthn/commit/8927216e4b1c8eb9ead1b796f084a6d8f152dd6e * Fix typo though should be through by Yanming Zhou https://github.com/w3c/webauthn/commit/c363e4a13eb03904a1c214b86ccc5895a6a964c3 * Reformat and rename AuthenticatorBiometricPerfBounds by Kagami Sascha Rosylight https://github.com/w3c/webauthn/commit/4d9264a24e7b21801744ecafdad590f581ab0bcc * <div> cannot appear within <figure>. See [figure content model](https://html.spec.whatwg.org/multipage/grouping-content.html#the-figure-element) (#1350) by Philippe Le Hegaret https://github.com/w3c/webauthn/commit/80f6cb38729aa5f1cd1285992cdf247183319d5e * Merge pull request #1341 from quaff/patch-1 Fix typo by Emil Lundberg https://github.com/w3c/webauthn/commit/7e1bf6993ecc7fc4e8c119b511e9610ed49c29e7 * 'loc' extension: cite permissions and geolocation specs (#1342) * 'loc' extension: cite permissions and geoloc specs * mark new geoloc cites normativeto match existing cites * Update index.bs - capitalize 'must' Co-Authored-By: Emil Lundberg <emil@yubico.com> * update per emlun's comment, thx! by =JeffH https://github.com/w3c/webauthn/commit/d7c5fb1227607f1e59fd9a1bee4cfc26e0724600 * Use the new name for Coordinates (#1344) Merging, per decision on the 4-Dec-19 call by Kagami Sascha Rosylight https://github.com/w3c/webauthn/commit/947b7bcf53704f9c56ccef7ce1f927866792c016 * Merge pull request #1345 from saschanaz/biometric Reformat and rename AuthenticatorBiometricPerfBounds by Adam Langley https://github.com/w3c/webauthn/commit/90aaad999f3f57c24dc1e02477f286ecf9419c86 * Add a WebDriver Extension Capability by Nina Satragno https://github.com/w3c/webauthn/commit/4a4d8f6227b68d50c4a897666123ff51fc38ce78 * Apply suggestions from code review fix nits Co-Authored-By: =JeffH <jdhodges@google.com> by Nina Satragno https://github.com/w3c/webauthn/commit/db860156d112155547f430b3d28eaaf4f4538083 * Rename capability webauthn:virtualAuthenticators by Nina Satragno https://github.com/w3c/webauthn/commit/75c00b2db0289d531245c8935f7693416d4192a3 * Fix typo by Emil Lundberg https://github.com/w3c/webauthn/commit/fd1394b4a0860a69bf77c3c6fcc94d3dbb646183 * Merge pull request #1357 from w3c/typo Fix typo by Emil Lundberg https://github.com/w3c/webauthn/commit/b2d74e7393b606d8da85a38ae8337582be6326fa * Add note about risk of ignoring excludeCredentials with mismatched transports by Emil Lundberg https://github.com/w3c/webauthn/commit/d7c201437016aa16f075547bdf4ea1d79ae927a4 * Merge pull request #1359 from w3c/issue-1348-excludecredentials-transports Add note about risk of ignoring excludeCredentials with mismatched transports by Emil Lundberg https://github.com/w3c/webauthn/commit/76af1d241cbc05eab3d15fd5f19cbdb09c2d3375 * Clarify exts client extension output (#1361) by Emil Lundberg https://github.com/w3c/webauthn/commit/197565c9b9a56a5134f32740deaaae06c245162b * Merge pull request #1353 from nsatragno/webdriver_capability Add a WebDriver Extension Capability by J.C. Jones https://github.com/w3c/webauthn/commit/6349d2422ac13318a6a54e1432ca84b79a98a1fc * remove 'lightning' AuthenticatorTransport enum value (#1364) by =JeffH https://github.com/w3c/webauthn/commit/87ec85967dbb645e6c7452f2ba316f081c59cb70 * update CTAP reference to point to ps-20190130 (#1365) by =JeffH https://github.com/w3c/webauthn/commit/66ad76b907e618e2a709bbb2be9a6544baedfc56 * Add clearer recommendation on what to do with transport hints by Emil Lundberg https://github.com/w3c/webauthn/commit/4cb04a8d6aa06486a25347aae1dc2d42b6c34165 * Recommend storing/retrieving transport hints in PublicKeyCredentialDescriptor description by Emil Lundberg https://github.com/w3c/webauthn/commit/96af7212935e10f9aeb5b96fb6013de938bb2ed5 * Add to sec cons a brief discussion of the sec properties accrued by authnr & client platform proximity (#1333) * Add security consideration on client-authnr direct communication See issue #1257 https://github.com/w3c/webauthn/issues/1257 * Address @equalsJeffH's review comments * Add missing CSS class .figure-num-previous * Rewrite proximity section shorter and discuss benefits of physical proximity * Add commas suggested by @agl Co-Authored-By: Adam Langley <agl@google.com> Co-authored-by: Adam Langley <agl@imperialviolet.org> by Emil Lundberg https://github.com/w3c/webauthn/commit/d54a92aacc2fd8767f5188e3543f5bad62a29aa7 * Remove the requirement accept and store a 64-byte minimum length for a name member’s value (#1354) * Update index.bs Remove the requirement accept and store a 64-byte minimum length for a name member’s value Fixes #1352 * Update index.bs add if the authenticator stores the value for equalsJeffH by John Bradley https://github.com/w3c/webauthn/commit/dbff4e5bb1daaed49e38012eae3312e6b07c9eef * draft-hodges-webauthn-registries-04 (#1378) by Mike Jones https://github.com/w3c/webauthn/commit/c45cdc6c5324fd671bacc68c62746b856f7fa619 * Address @equalsJeffH's review comment by Emil Lundberg https://github.com/w3c/webauthn/commit/eb027381d72dfc9a4d31d95be747f16b6afbf6d9 * Proposed changes for draft-hodges-webauthn-registries-05 (#1380) * Proposed changes for draft-hodges-webauthn-registries-05 * Minor polishing -05, Thx selfissued! Co-authored-by: JeffH <jdhodges@google.com> by Mike Jones https://github.com/w3c/webauthn/commit/eb93a7f6dd24fdc1556bceda39a6d49d817521c9 * re-gen .html & .txt files from .xml file (#1384) by =JeffH https://github.com/w3c/webauthn/commit/d8184568f85801d155e4be0e405f5dcc7f80313a * Merge pull request #1369 from w3c/issue-1368-transports-instructions Add clearer recommendation on what to do with transport hints by Emil Lundberg https://github.com/w3c/webauthn/commit/ae29ff01fa7ab3839c28ccfc45e660be7a3ae491 * Use Python 3.7 by J.C. Jones https://github.com/w3c/webauthn/commit/279f84a10e9e84498dc92f5bf1b8c2554251134f * Add getPublicKey method. This change adds a getPublicKey method to the AuthenticatorAttestationResponse to save some users from having to parse out and handle COSE keys. (See linked issue for background.) Fixes #1363 by Adam Langley https://github.com/w3c/webauthn/commit/40d9511f003e48f8a965309f2755b18934b33e28 * Merge pull request #1393 from jcjones/python3 Use Python 3.7 for Travis-CI by Adam Langley https://github.com/w3c/webauthn/commit/a0249afd3429ae158ee4f0abdfebab5b2fb2faad * Default to ES256 and RS256 if pubKeyCredParams is empty (#1387) Default to algorithm -7 ("ES256") and -257 ("RS256") when options.pubKeyCredParams is empty. Fixes issue 1383. by Nina Satragno https://github.com/w3c/webauthn/commit/a6368172ed38b0d649274852f15308ae9bbf8aaa * Update index.bs This removes unimplimented extensions by John Bradley https://github.com/w3c/webauthn/commit/fdd8da6b64bcbfb3f785afce910cfccbb673b77d * Update signature counters section. (#1390) * Update signature counters section. This section did not reflect the specified behaviour for signature counters and did not mention that they are returned in makeCredential responses too. See linked bug for details. Fixes #1370 * Apply suggestions from code review Including Jeff and Emil's comments. Co-authored-by: =JeffH <jdhodges@google.com> Co-authored-by: Emil Lundberg <emil@emlun.se> by Adam Langley https://github.com/w3c/webauthn/commit/50679f5b0b12725c09f12f8510c3534afe992114 * Update based on comments by Adam Langley https://github.com/w3c/webauthn/commit/f4eb334f52424f833bf3adfb1b9f2dc59d56f17e * restore IANA registration for credprops by John Bradley https://github.com/w3c/webauthn/commit/781c7aed995628491d8d1d3e0361b38df727d9c4 * Remove reference to uvi by John Bradley https://github.com/w3c/webauthn/commit/78e1af40a28d7619440268f279d7a6806271c084 * Merge branch 'master' of https://github.com/ve7jtb/webauthn by John Bradley https://github.com/w3c/webauthn/commit/f0a34aafb5b691062c4fb3ca33cfd6fd67cccfb1 * Update index.bs REmove lightning again by John Bradley https://github.com/w3c/webauthn/commit/b787c8b585dbacc2a1d6a57fea0561718bc0f7fa * Remove 13.4.1. Browser Permissions Framework and Extensions The only extension using it is now gone. by John Bradley https://github.com/w3c/webauthn/commit/83092b516b5387801ed2337db929be07b18016b9 * Prohibit Create Credential from cross-origin iframes (#1394) * Prohibit Create Credential from cross-origin iframes This reverts part of PR #1276, again prohibiting the use of the Create method when `sameOriginWithAncestors` is `false`. The `Note` is simplified, since the integration between Credential Management and Feature Policy is now complete. * Split the feature-policy definition, per review comments * Apply suggestions from code review Co-Authored-By: =JeffH <jdhodges@google.com> Co-authored-by: =JeffH <jdhodges@google.com> by J.C. Jones https://github.com/w3c/webauthn/commit/6626671ac60b4731943a1d024b892a16ae47c6b5 * Fix markup error in three headings. (#1405) (If you look at the current HTML output, the anchor is mistakening getting included as part of the heading without this.) by Adam Langley https://github.com/w3c/webauthn/commit/b81f8f6f7d9d8dd48679c9af4783ac9c3ae2e952 * Merge pull request #1399 from ve7jtb/master remove unimplemented extensions (was: Update index.bs) by John Bradley https://github.com/w3c/webauthn/commit/b978138325fff0d285f02217058e5fb91e34c1de * Fix IANA Registration (#1408) * Update index.bs Fixes #1400 adds IANA registration for appidExclude and removes allready registerd extensions. Changes wording from initial registrations to additional registrations. * Fix section refrence * Grammer fix Change wich to that in two places by John Bradley https://github.com/w3c/webauthn/commit/b16ec8d6bc3fae54bec527a240ca62370b65f480 * use '(client-side) discoverable credential' terminology (#1398) * use '(client-side) discoverable credential' terminology ..rather than the 'resident credential' and 'resident key' terms. Also changed 'non-resident credential' to 'server-side credential', along with other related fixups. Marked the latter terms as DEPRECATED. * address AGL's comments * Update index.bs Co-Authored-By: Emil Lundberg <emil@yubico.com> * Update index.bs Co-Authored-By: Emil Lundberg <emil@yubico.com> * Update index.bs Co-Authored-By: Emil Lundberg <emil@yubico.com> * Apply suggestions from code review thx emlun! Co-Authored-By: Emil Lundberg <emil@yubico.com> * fix tortured Note: language, thx emlun! * Apply emlun's and ve7jtb's suggestions, thx! Co-Authored-By: Emil Lundberg <emil@yubico.com> Co-Authored-By: John Bradley <ve7jtb@ve7jtb.com> Co-authored-by: Emil Lundberg <emil@yubico.com> Co-authored-by: John Bradley <ve7jtb@ve7jtb.com> by =JeffH https://github.com/w3c/webauthn/commit/8d0060ab32508aeac53e7350ccae03a694321348 * Apply suggestions from code review (Some suggestions collide with others and GitHub can't cope with that. Will apply those manually in a sec.) Co-Authored-By: J.C. Jones <james.jc.jones@gmail.com> Co-Authored-By: =JeffH <jdhodges@google.com> Co-Authored-By: Emil Lundberg <emil@emlun.se> by Adam Langley https://github.com/w3c/webauthn/commit/8dae5f241c2dcb90a98589b229e8d5de6c4fe1e9 * Add getPublicKeyAlgorithm() A SubjectPublicKeyInfo encodes only the public key, but COSE Key structures also include a signature algorithm. Since RPs will need this information too, this change adds getPublicKeyAlgorithm to return it. (This change also includes some suggestions from the review that GitHub couldn't automatically apply because they collided with other suggestions.) by Adam Langley https://github.com/w3c/webauthn/commit/0b910c6659e00b6ff98fe325a4a50a50f1b6d5ce * Add “enterprise” attestation type. (#1366) * Add “enterprise” attestation type. In controlled deployments, organisations may wish to tie specific registrations back to individual authenticators. Obviously this has privacy concerns and needs to be gated on local configuration, or special configuration on the authenticator. However, as cloud services are increasingly used, RP IDs are no longer neatly divided into enterprise and consumer contexts, and the RP might _not_ wish to receive the enterprise attestation when used in a consumer context. This change adds a new level of attestation, “enterprise”, which allows RPs to indicate when they would like to, possibly, receive an attestation that may include uniquely identifying information. This leaves “direct” with its current, less privacy-impacting meaning. Fixes #1147 * Signal attestation at the correct time. * Merging a suggested change from Jeff Co-Authored-By: =JeffH <jdhodges@google.com> * Merging a suggested change from Jeff Co-Authored-By: =JeffH <jdhodges@google.com> * modest fixups for enterprise attestation * Convert to DOMString * Remove fallback to direct * Apply jcjones' suggestion Co-Authored-By: J.C. Jones <james.jc.jones@gmail.com> Co-authored-by: =JeffH <jdhodges@google.com> Co-authored-by: J.C. Jones <james.jc.jones@gmail.com> by Adam Langley https://github.com/w3c/webauthn/commit/b44009c0bc24ed76f79c94c4bf6a3d5a111439ae * Add more requirements for ClientDataJSON serialisation. (#1375) * Add more requirements for ClientDataJSON serialisation. ClientDataJSON is currently defined to be the JSON encoding of the CollectedClientData. This implies that validators require a full JSON parsing library to check needed entries in the ClientDataJSON such as the challenge, type, and origin. This is a problematic dependency in some cases. This change seeks to address that by being stricter about the encoding, while still generating JSON. Thus existing validators do not need to change but those willing to require recent WebAuthn-implementing browsers can avoid the full generality of JSON. * Address various comments. * Apply suggestions from code review Apply Jeff's suggestions Co-Authored-By: =JeffH <jdhodges@google.com> * incorp jcjones' feedback, thx! Co-authored-by: =JeffH <jdhodges@google.com> by Adam Langley https://github.com/w3c/webauthn/commit/d5306690bf8000c98421319a21416b22d735ad8a * Add "MDN Panels" to spec (#1411) * Test "MDN Panels" bikeshed feature this adds "Include MDN Panels: yes" to the spec "metadata". They are documented here: https://tabatkins.github.io/bikeshed/#metadata-include-mdn-panels This will add little widgets to the right side of the spec for each interface (that's been documented in MDN's "browser compatibility data" repo). These widgets summarize the implementation status of the interface in various browsers. MDN's "browser compatibility data" repo is here: https://github.com/mdn/browser-compat-data A rendering of MDN's present WebAuthn implementation state is here: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API#Browser_compatibility * try a value of 'maybe' by =JeffH https://github.com/w3c/webauthn/commit/a4da5bebc666c7c0cb99984bebb0ae10f49e6111 * Mike's proposed edits for draft-hodges-webauthn-registries-06 (#1415) by Mike Jones https://github.com/w3c/webauthn/commit/7a045318c5ba6e49ee4849a41142117f038a8044 * Mike's proposed edits for draft-hodges-webauthn-registries-07 (#1416) by Mike Jones https://github.com/w3c/webauthn/commit/13289a22b9bcd92414c1d583fa53f9d0207e6300 * Define the 'it' as the 'RP' Co-authored-by: Emil Lundberg <emil@emlun.se> by J.C. Jones https://github.com/w3c/webauthn/commit/0e3c67b5b20a5b9198ee6125a319db44a90a6e50 * Merge pull request #1395 from agl/getpubkey Add getPublicKey method. by J.C. Jones https://github.com/w3c/webauthn/commit/0226490cf6afbe62fda5374cb6a867929d8c24f4 * Mike's proposed changes for draft-hodges-webauthn-registries-08 (#1417) by Mike Jones https://github.com/w3c/webauthn/commit/61ad26aaba0c560288ac276f6f3cade5870f9648 * Addressed IESG review comments (#1419) * Addressed IESG review comments * Minor wording simplification by Mike Jones https://github.com/w3c/webauthn/commit/f10427d699882e8d7c4c173b25bed83f1e382b3c * Specify more about COSE algorithms. [COSEAlgorithmIdentifiers](https://w3c.github.io/webauthn/#typedefdef-cosealgorithmidentifier) aren't very specific. JOSE [defines](https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms) an algorithm called “ES256” as “ECDSA using P-256 and SHA-256” — which is fine. COSE [also defines](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) an algorithm called “ES256”, except that the COSE version isn't specific to any curve! It's just ECDSA with SHA-256 hashing. COSE only [says](https://tools.ietf.org/html/rfc8152#section-8.1) that “in order to promote interoperability, it is suggested that SHA-256 be used only with curve P-256”. Technically, an authenticator could return a public key over some other curve, although I bet it breaks lots of RPs. Similarly, COSE defines an algorithm for “EdDSA”, which is commonly interpreted to mean EdDSA with Ed25519. But, technically, it could also mean EdDSA with the much rarer X448. I think people thought that they were getting JOSE-style precise algorithms with a COSE algorithm identifier, but that's not true. Thus this change nails down some standard assumptions that are (I believe) currently true in all cases anyway. (See also fido-alliance/fido-2-specs#862.) by Adam Langley https://github.com/w3c/webauthn/commit/73fb44b5e37b0770ceb120a85488043cd653c4f7 * Fix examples to use current Extensions by John Bradley https://github.com/w3c/webauthn/commit/1fb7028e730ccb7556848583fc434e330daa019d * Substitute enum types in dictionaries with DOMStrings (#1392) * Update PublicKeyCredentialCreationOptions * Update PublicKeyCredentialRequestOptions * Update for PublicKeyCredential/transports * Update for AuthenticatorSelectionCriteria * Update for PublicKeyCredentialDescriptor * Update for TokenBinding * Update for PublicKeyCredentialParameters * Updates per @agl's review comments * Use the same 'ignore unknown values' language, which is used 8 times already in the document * Update ResidentKeyRequirement to be a DOMString, too. * Address @equalsJeffH's https://github.com/w3c/webauthn/pull/1392#issuecomment-621401303 and fix linking to infra:map/exists (which was unused) * Address @equalsJeffH - Add 2.1.1 "Enumerations as DOMString Types" Addresses https://github.com/w3c/webauthn/pull/1392#pullrequestreview-390185376 by adding a new conformance section and referring to it at the description of each enumeration type. by J.C. Jones https://github.com/w3c/webauthn/commit/a133711055b3b13c700fe2ea2acd62fe749a3f74 * Remove mentions of ECDAA. (#1418) * Remove mentions of ECDAA. Fixes #1410 * Remove some other references. (I forgot to search for “ecdaa” in lowercase.) by Adam Langley https://github.com/w3c/webauthn/commit/0881ded86d5eb9347efd19d0b669c34bac1fe8ba * Use Python 3 in bikeshed Dockerfile (#1423) by Emil Lundberg https://github.com/w3c/webauthn/commit/8f7ef70d94b696d203bb55f95c96988b242c21ca * Update index.bs Co-authored-by: Emil Lundberg <emil@yubico.com> by John Bradley https://github.com/w3c/webauthn/commit/29d1f9188d83b5d7b11f00fba3cecaaef67edc80 * Fix credential ID syntax in appIdExclude example by Emil Lundberg https://github.com/w3c/webauthn/commit/5e89d7ac7028971d4e43af0fb6ba297db6a021a5 * Update .spec-data .bikeshed-include cache Ran the following set of commands: ./update-bikeshed-cache.sh && \ git add .spec-data .bikeshed-include && \ git commit . It’s necessary either that one of the spec editors run those same commands periodically, or else the .travis.yml CI build file needs to be changed to stop using cached files in .spec-data and .bikeshed-include. Prior to running the above commands and committing the changes, the cached files in .spec-data and .bikeshed-include were more than 2 years out of date. by Michael[tm] Smith https://github.com/w3c/webauthn/commit/d8e15df7b206e1cbbd0ae30644c6109598a14ee3 * Fix typo in update-bikeshed-cache.sh (#1427) by Michael[tm] Smith https://github.com/w3c/webauthn/commit/7b1bc66ee671e0eae755a8388781997e29dde57b * Addressed additional IESG comment by Magnus Westerlund (#1431) by Mike Jones https://github.com/w3c/webauthn/commit/7f541a26c796fd90d1be02fe85332f25bed3c291 * Spelling fix. Co-authored-by: =JeffH <jdhodges@google.com> by Adam Langley https://github.com/w3c/webauthn/commit/6513a003c289d8046483c590bd82469d2d397b3f * Merge pull request #1420 from agl/cosealg Specify more about COSE algorithms. by Adam Langley https://github.com/w3c/webauthn/commit/b463fc898a36d28b26b0d469352946e0fea21024 * Merge pull request #1426 from w3c/ve7jtb-fix-1401-Example-4-in1.3.3-uses-tcSimple Update examples to use current Extensions by John Bradley https://github.com/w3c/webauthn/commit/c853bffa4454e0334c40fba48e3fafb5d3e8f3f2 * Remove webdriver-spec.html from WebDriver URLs (#1432) * Remove webdriver-spec.html from WebDriver URLs It redirects. * Update index.bs by Philip Jägenstedt https://github.com/w3c/webauthn/commit/d96c5c1baa008aeeb05d530ecf829df1c58047ae * Document how to use update-bikeshed-cache.sh (#1428) * Document how to use update-bikeshed-cache.sh * Update README.md Co-authored-by: =JeffH <jdhodges@google.com> * Update README.md * Update README.md * Update README.md Co-authored-by: =JeffH <jdhodges@google.com> by Michael[tm] Smith https://github.com/w3c/webauthn/commit/c37dd4ac5b3149ece47ed15713f8bd4de757741f * fix "present" link errors along with a couple others (#1433) * fix "present" link errors along with a couple others this is editorial clean up: fixes #1397 along with a couple other linking errors that were showing up when building the spec. * remove unused biblio references, thx emlun! by =JeffH https://github.com/w3c/webauthn/commit/dbd82205cc86fc00a7287224363ce79ea4fb960b * Fix references to AuthenticatorAttestationResponse.getTransports() by Emil Lundberg https://github.com/w3c/webauthn/commit/72c200169084749bfa66f5996060a88c5b3e6c99 * Merge pull request #1438 from w3c/issue-1436-gettransports Fix references to AuthenticatorAttestationResponse.getTransports() by Emil Lundberg https://github.com/w3c/webauthn/commit/2824aa4bc56e841076c4a7147c7ff83013ae5cef * Merge branch 'master' into issue-1099-enrichen-ceremony-defs by JeffH https://github.com/w3c/webauthn/commit/f9e913c341f101bebe7e5fe923deef0e72217555
Received on Monday, 15 June 2020 17:35:49 UTC