W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2021

[webauthn] finish removing "create credential" permissions policy cruft (#1685)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 07 Dec 2021 22:05:12 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1073791664-1638914710-sysbot+gh@w3.org>
equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== finish removing "create credential" permissions policy cruft ==
Upon taking a close look at the spec with regards to references to "permissions policy", I've noticed that there remains some cruft with respect to there being a permissions policy with respect to credential creation (i.e., `publickey-credential-create`), which we ostensibly removed via PR #1394.

specifically:

1. Section [5.1.3. Create a New Credential - PublicKeyCredential’s [[Create]]() Method](https://www.w3.org/TR/webauthn-3/#sctn-createCredential) continues to have a Note regarding permissions policy (it should not):
    > Note: Invocation of this internal method indicates that it was allowed by permissions policy, which is evaluated at the [CREDENTIAL-MANAGEMENT-1] level. See § 5.9 Permissions Policy integration.

2. The Note in section [5.9. Permissions Policy integration](https://www.w3.org/TR/webauthn-3/#sctn-permissions-policy) continues to mention `[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)` --- it should not.



Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1685 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 7 December 2021 22:05:25 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC