- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 28 Jun 2023 10:11:03 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by emlun to https://github.com/w3c/webauthn: * Improve UV guidance using new Credential Record concept by Emil Lundberg https://github.com/w3c/webauthn/commit/3daf3be467fd0f58555194d3ce0c4faf2db6380e * Add note that UV is not MFA the first time UV=1 is seen by Emil Lundberg https://github.com/w3c/webauthn/commit/13b5fcc2e0e9132f83c84fda3e061193a33919d4 * Merge pull request #7 from w3c/main bring fork up to date by Shane Weeden https://github.com/w3c/webauthn/commit/dec92f16ef8661142a4e068002f32c555840c3a0 * Don't be so strict about uv with the PRF extension. Authenticators may have different PRFs for the UV and non-UV case. Thus setting uv=preferred during an assertion is fraught: it doesn't fully specify which PRF to use. However, while implementing this, I ended up feeling that the prohibition on using uv=preferred was too strong. Sites may reasonably want to use uv=preferred and to take advantage of available PRF results. If the evaluation points are global then this isn't so silly as to justify a prohibition, I suspect. by Adam Langley https://github.com/w3c/webauthn/commit/24359a14f2098d260f7b8529d38fe6346fed2326 * Update wording to reflect discussions. by Adam Langley https://github.com/w3c/webauthn/commit/cac92424af0313f36b591089b331300850854e1d * Apply suggestion from emlun Co-authored-by: Emil Lundberg <emil@yubico.com> by Adam Langley https://github.com/w3c/webauthn/commit/8680f5861f410f9ba015cd8b4ba4b778071469a6 * Switch to SyntaxError by Adam Langley https://github.com/w3c/webauthn/commit/414de68c8d3f3d458c1c600dab4f450615c2dad4 * Merge branch 'w3c:main' into master by Shane Weeden https://github.com/w3c/webauthn/commit/6bd4140b12d81b07e8cf7153cafdcc1fbfb000d6 * Address issue 1817 by Shane Weeden https://github.com/w3c/webauthn/commit/910aac095ff791249ef7fbf60665ce5fa2a91979 * Specify that there's only one PRF, and it's the UV one. Fixes #1851 by Adam Langley https://github.com/w3c/webauthn/commit/5ebc25721158cc45a985e171121911da87d64994 * Merge pull request #1845 from sbweeden/issue_1817 Issue 1817 by Adam Langley https://github.com/w3c/webauthn/commit/6a2e2b436872d0a4702c07b1df486b6c7245f40c * Remove redundant extra step in DPK processing. This got left in during edits but is covered by the previous step. Fixes #1853 by Adam Langley https://github.com/w3c/webauthn/commit/b65d3394c55943fd129ce01a0139d5f0ccfffe27 * Require that evalByCredential keys match a credential from the allowList, if any. They are superfluous if they don't. by Adam Langley https://github.com/w3c/webauthn/commit/3b83189b8f30f6fff36d0bd4b1ef2bcf53e148c6 * Fix outdated reference to fmt in devicePubKey error case by Emil Lundberg https://github.com/w3c/webauthn/commit/b8d23c69b155b5f97fc9ccae86d2623c8163688e * Allow for credential creation in a cross-origin iframe (#1801) by Stephen McGruer https://github.com/w3c/webauthn/commit/3ff766eb5bf6f0f4dc40facc3d4aff60460f5057 * Merge branch 'main' into issue-1510-uv-guidance by Emil Lundberg https://github.com/w3c/webauthn/commit/ccc5e2bbb1909a2657f14883eb2b71274f8c20d5 * Clarify to ignore UV flag if not required by Emil Lundberg https://github.com/w3c/webauthn/commit/af07d1598c70431d36ee1ad53e042582b72f7379 * Formalize definition of uvInitialized in credential record by Emil Lundberg https://github.com/w3c/webauthn/commit/7e541a0c9cedea58006f18a414c778d3c1e4f026 * Merge pull request #1858 from w3c/issue1853 Remove redundant extra step in DPK processing. by Adam Langley https://github.com/w3c/webauthn/commit/fa65a36a18d89a53f8f0fca11e2e4ac48b3c1597 * Use i18n-glossary definition of [=grapheme cluster=] by Emil Lundberg https://github.com/w3c/webauthn/commit/285a9dd0191b07a88720be7ae68b24fca5297d49 * Rename biblio ref UTR29 to UAX29 To align with the terminology used in UAX29 itself as well as in the W3C i18n-glossary spec. by Emil Lundberg https://github.com/w3c/webauthn/commit/898d5df2f3ca24de33ecd44434cea9986f5a8b77 * Update out of date step references by Emil Lundberg https://github.com/w3c/webauthn/commit/f184600c74242c88c6f6451b2c7051942604a997 * Add links to all numbered step references This will help update them correctly when they go out of sync, and also help detect when they do. by Emil Lundberg https://github.com/w3c/webauthn/commit/e57e025b462ce9c2f418a9f4505eb60810778c39 * Apply emlun's suggestions from code review Co-authored-by: Emil Lundberg <emil@yubico.com> by Adam Langley https://github.com/w3c/webauthn/commit/6478874bf740d1daf4f5fba5ddfab602ca5a8c2b * Don't "promote" UV preferred to required, and make uvInitialized update more defensive by Emil Lundberg https://github.com/w3c/webauthn/commit/75e67c48bd5f7ea6f6b9acce9e6aa613b2a123ce * Add smart-card to transports enum by J Pascoe https://github.com/w3c/webauthn/commit/38b01613d2ade84160ed9fa33e61d68fa279778d * Merge pull request #1864 from w3c/issue-1861-update-step-references Add links to and update all numbered step references by Adam Langley https://github.com/w3c/webauthn/commit/ee7ca71a47563bf4a35aa72ae110212ecfe0c7ff * Merge pull request #1863 from w3c/issue-1860-grapheme-cluster Use i18n-glossary definition of [=grapheme cluster=] by Shane Weeden https://github.com/w3c/webauthn/commit/545688df8993a884428c0b12820ff5cf02f1141f * Merge pull request #1836 from w3c/prf2 Only expose the UV PRF by Adam Langley https://github.com/w3c/webauthn/commit/54e0962aef5fa353570700fe2dc8bac9c34db686 * add topOrigin verification logicfor authentication by Tim Cappalli https://github.com/w3c/webauthn/commit/858eb90a9f5faca0c8bd5bfdd1c0141544b2a7bd * Merge pull request #1865 from pascoej/issue-1835-add-smartcard-to-enum Add smart-card to transports enum by J Pascoe https://github.com/w3c/webauthn/commit/a41321a59dfaeacba6b79ee77f0259991e6bd576 * Merge pull request #1879 from w3c/tc-1842-toporigin-get add topOrigin verification logic for get by Tim Cappalli https://github.com/w3c/webauthn/commit/721f151ff807626687c10eb297c4f1494cdd250b * Merge pull request #1774 from w3c/issue-1510-uv-guidance Improve guidance around using UV by Emil Lundberg https://github.com/w3c/webauthn/commit/748eea045a18a2ecad384df20c84f5c7ac33303a * Mark all JSON fields as required. These fields should always be present (although some can be null) but the default for a dictionary field is `optional`. Thus mark them all as required. by Adam Langley https://github.com/w3c/webauthn/commit/da7f7d442ec464c79dc78528d29c0051f39f2e7b * Fields are optional, not nullable, now. by Adam Langley https://github.com/w3c/webauthn/commit/dbd8df4cde6e8b27c2e801940cda4354ff680510 * Merge pull request #1878 from w3c/json Mark all JSON fields as required. by Adam Langley https://github.com/w3c/webauthn/commit/ae71f1008443b7945b1b5d8378880adf55d8b811 * Adjust timeout for create and get operations (#1885) * Adjust Timeout * Change timeout recommendation to Bulleted List by Akshay Kumar https://github.com/w3c/webauthn/commit/ad61c6faa12e522f128d7e649bcca616110118be * Mike is independent by Michael Jones https://github.com/w3c/webauthn/commit/e688b99e1788dd58fbf434cb3239f722fdac0a0c * Update Nick contact by Nick Steele https://github.com/w3c/webauthn/commit/61f08927c7dd0697981f46bd4028d8eb5a92a8da * Merge pull request #1894 from w3c/ns1pw Update Nick Contact info by Nick Steele https://github.com/w3c/webauthn/commit/50c8b9233965571d32da6a06febd3d75ecd366ef * Merge pull request #1893 from selfissued/mbj-independent Mike is independent by Nick Steele https://github.com/w3c/webauthn/commit/6dfbdbaad8425140030afacb7de27eb13e7872ce * Merge branch 'main' into issue-1848-challenge-timeout by Emil Lundberg https://github.com/w3c/webauthn/commit/c36459fd16974023713443b7827a196daa1e6f34 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 28 June 2023 10:11:05 UTC