[webauthn] new commits pushed by emlun

The following commits were just pushed by emlun to https://github.com/w3c/webauthn:

* Improve UV guidance using new Credential Record concept
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3daf3be467fd0f58555194d3ce0c4faf2db6380e

* Add note that UV is not MFA the first time UV=1 is seen
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/13b5fcc2e0e9132f83c84fda3e061193a33919d4

* Merge pull request #7 from w3c/main

bring fork up to date
  by Shane Weeden
https://github.com/w3c/webauthn/commit/dec92f16ef8661142a4e068002f32c555840c3a0

* Don't be so strict about uv with the PRF extension.

Authenticators may have different PRFs for the UV and non-UV case. Thus
setting uv=preferred during an assertion is fraught: it doesn't fully
specify which PRF to use.

However, while implementing this, I ended up feeling that the
prohibition on using uv=preferred was too strong. Sites may reasonably
want to use uv=preferred and to take advantage of available PRF results.
If the evaluation points are global then this isn't so silly as to
justify a prohibition, I suspect.
  by Adam Langley
https://github.com/w3c/webauthn/commit/24359a14f2098d260f7b8529d38fe6346fed2326

* Update wording to reflect discussions.
  by Adam Langley
https://github.com/w3c/webauthn/commit/cac92424af0313f36b591089b331300850854e1d

* Apply suggestion from emlun

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/8680f5861f410f9ba015cd8b4ba4b778071469a6

* Switch to SyntaxError
  by Adam Langley
https://github.com/w3c/webauthn/commit/414de68c8d3f3d458c1c600dab4f450615c2dad4

* Merge branch 'w3c:main' into master
  by Shane Weeden
https://github.com/w3c/webauthn/commit/6bd4140b12d81b07e8cf7153cafdcc1fbfb000d6

* Address issue 1817
  by Shane Weeden
https://github.com/w3c/webauthn/commit/910aac095ff791249ef7fbf60665ce5fa2a91979

* Specify that there's only one PRF, and it's the UV one.

Fixes #1851
  by Adam Langley
https://github.com/w3c/webauthn/commit/5ebc25721158cc45a985e171121911da87d64994

* Merge pull request #1845 from sbweeden/issue_1817

Issue 1817
  by Adam Langley
https://github.com/w3c/webauthn/commit/6a2e2b436872d0a4702c07b1df486b6c7245f40c

* Remove redundant extra step in DPK processing.

This got left in during edits but is covered by the previous step.

Fixes #1853
  by Adam Langley
https://github.com/w3c/webauthn/commit/b65d3394c55943fd129ce01a0139d5f0ccfffe27

* Require that evalByCredential keys match a credential from the allowList, if any.

They are superfluous if they don't.
  by Adam Langley
https://github.com/w3c/webauthn/commit/3b83189b8f30f6fff36d0bd4b1ef2bcf53e148c6

* Fix outdated reference to fmt in devicePubKey error case
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b8d23c69b155b5f97fc9ccae86d2623c8163688e

* Allow for credential creation in a cross-origin iframe (#1801)
  by Stephen McGruer
https://github.com/w3c/webauthn/commit/3ff766eb5bf6f0f4dc40facc3d4aff60460f5057

* Merge branch 'main' into issue-1510-uv-guidance
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ccc5e2bbb1909a2657f14883eb2b71274f8c20d5

* Clarify to ignore UV flag if not required
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/af07d1598c70431d36ee1ad53e042582b72f7379

* Formalize definition of uvInitialized in credential record
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7e541a0c9cedea58006f18a414c778d3c1e4f026

* Merge pull request #1858 from w3c/issue1853

Remove redundant extra step in DPK processing.
  by Adam Langley
https://github.com/w3c/webauthn/commit/fa65a36a18d89a53f8f0fca11e2e4ac48b3c1597

* Use i18n-glossary definition of [=grapheme cluster=]
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/285a9dd0191b07a88720be7ae68b24fca5297d49

* Rename biblio ref UTR29 to UAX29

To align with the terminology used in UAX29 itself as well as in the
W3C i18n-glossary spec.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/898d5df2f3ca24de33ecd44434cea9986f5a8b77

* Update out of date step references
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f184600c74242c88c6f6451b2c7051942604a997

* Add links to all numbered step references

This will help update them correctly when they go out of sync, and also help
detect when they do.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e57e025b462ce9c2f418a9f4505eb60810778c39

* Apply emlun's suggestions from code review

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/6478874bf740d1daf4f5fba5ddfab602ca5a8c2b

* Don't "promote" UV preferred to required, and make uvInitialized update more defensive
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/75e67c48bd5f7ea6f6b9acce9e6aa613b2a123ce

* Add smart-card to transports enum
  by J Pascoe
https://github.com/w3c/webauthn/commit/38b01613d2ade84160ed9fa33e61d68fa279778d

* Merge pull request #1864 from w3c/issue-1861-update-step-references

Add links to and update all numbered step references
  by Adam Langley
https://github.com/w3c/webauthn/commit/ee7ca71a47563bf4a35aa72ae110212ecfe0c7ff

* Merge pull request #1863 from w3c/issue-1860-grapheme-cluster

Use i18n-glossary definition of [=grapheme cluster=]
  by Shane Weeden
https://github.com/w3c/webauthn/commit/545688df8993a884428c0b12820ff5cf02f1141f

* Merge pull request #1836 from w3c/prf2

Only expose the UV PRF
  by Adam Langley
https://github.com/w3c/webauthn/commit/54e0962aef5fa353570700fe2dc8bac9c34db686

* add topOrigin verification logicfor authentication
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/858eb90a9f5faca0c8bd5bfdd1c0141544b2a7bd

* Merge pull request #1865 from pascoej/issue-1835-add-smartcard-to-enum

Add smart-card to transports enum
  by J Pascoe
https://github.com/w3c/webauthn/commit/a41321a59dfaeacba6b79ee77f0259991e6bd576

* Merge pull request #1879 from w3c/tc-1842-toporigin-get

add topOrigin verification logic for get
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/721f151ff807626687c10eb297c4f1494cdd250b

* Merge pull request #1774 from w3c/issue-1510-uv-guidance

Improve guidance around using UV
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/748eea045a18a2ecad384df20c84f5c7ac33303a

* Mark all JSON fields as required.

These fields should always be present (although some can be null) but
the default for a dictionary field is `optional`. Thus mark them all as
required.
  by Adam Langley
https://github.com/w3c/webauthn/commit/da7f7d442ec464c79dc78528d29c0051f39f2e7b

* Fields are optional, not nullable, now.
  by Adam Langley
https://github.com/w3c/webauthn/commit/dbd8df4cde6e8b27c2e801940cda4354ff680510

* Merge pull request #1878 from w3c/json

Mark all JSON fields as required.
  by Adam Langley
https://github.com/w3c/webauthn/commit/ae71f1008443b7945b1b5d8378880adf55d8b811

* Adjust timeout for create and get operations (#1885)

* Adjust Timeout

* Change timeout recommendation to Bulleted List
  by Akshay Kumar
https://github.com/w3c/webauthn/commit/ad61c6faa12e522f128d7e649bcca616110118be

* Mike is independent
  by Michael Jones
https://github.com/w3c/webauthn/commit/e688b99e1788dd58fbf434cb3239f722fdac0a0c

* Update Nick contact
  by Nick Steele
https://github.com/w3c/webauthn/commit/61f08927c7dd0697981f46bd4028d8eb5a92a8da

* Merge pull request #1894 from w3c/ns1pw

Update Nick Contact info
  by Nick Steele
https://github.com/w3c/webauthn/commit/50c8b9233965571d32da6a06febd3d75ecd366ef

* Merge pull request #1893 from selfissued/mbj-independent

Mike is independent
  by Nick Steele
https://github.com/w3c/webauthn/commit/6dfbdbaad8425140030afacb7de27eb13e7872ce

* Merge branch 'main' into issue-1848-challenge-timeout
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c36459fd16974023713443b7827a196daa1e6f34



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 28 June 2023 10:11:05 UTC