Thursday, 30 November 2023
- Re: [webauthn] username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (#1915)
- [w3c/webauthn]
- [w3c/webauthn]
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (#1915)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (#1915)
- [webauthn] Pull Request: Reference CTAP 2.1 errata spec
- Re: [webauthn] Consider allowing cross-domain credential use (#1372)
- Re: [webauthn] Consider allowing cross-domain credential use (#1372)
Wednesday, 29 November 2023
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] Code Injection vulnerability from client side (#1965)
- Closed: [webauthn] Code Injection vulnerability from client side (#1965)
- Re: [webauthn] reference CTAP2.1 PS spec and fix broken link (#1635)
- Re: [webauthn] Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (#1743)
- Closed: [webauthn] Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (#1743)
- [w3c/webauthn] 462773: Merge pull request #1988 from w3c/add-credprops-to...
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn] 76e88e: Initial effort to allow credProps use during auth
- [webauthn] Merged Pull Request: Allow use of credProps extension during auth
- [webauthn] new commits pushed by nicksteele
- [w3c/webauthn] c36951: Merge pull request #1992 from w3c/mm/conditional-u...
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn] ea6e59: Add note about typical autocomplete combos
- Closed: [webauthn] Spec is not specific enough about order of conditional UI autofill tokens (#1982)
- [webauthn] new commits pushed by nicksteele
- [webauthn] Merged Pull Request: Add note about typical autocomplete combos for conditional UI
- [w3c/webauthn] 4e244a: Merge pull request #2000 from sbweeden/sweeden_1998
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn] d13f46: Clarify validation step for packed attestation cer...
- [webauthn] new commits pushed by sbweeden
- Closed: [webauthn] How is an RP to know if a packed attestation root certificate is used for multiple authenticator models? (#1998)
- [webauthn] Merged Pull Request: Clarify validation step for packed attestation certificate for RPs.
- 11/29/2023 W3C Web Authentication Meeting
- RE: 11/15/2023 W3C Web Authentication Meeting
Tuesday, 28 November 2023
- Weekly github digest (WebAuthn)
- [webauthn] Pull Request: Fix references to credential private key that should be credential source
- [w3c/webauthn] c2ec71: Fix references to credential private key that shou...
- [webauthn] new commits pushed by emlun
- [webauthn] Wrong type of encrypted content specified for credentialId under "Credential Storage Modality" section (#2002)
Monday, 27 November 2023
- Re: [webauthn] Add backup flags to virtual authenticator (#1999)
- Re: [webauthn] Add new getClientCapabilities method (#1923)
Sunday, 26 November 2023
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942)
Saturday, 25 November 2023
- Re: [webauthn] Support a "create or get [or replace]" credential re-association operation (#1568)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
Friday, 24 November 2023
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942)
- Re: [webauthn] Support a "create or get [or replace]" credential re-association operation (#1568)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942)
- Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942)
- Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
Thursday, 23 November 2023
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
- Re: [webauthn] How to know if a user has already registered a device? (#1749)
Wednesday, 22 November 2023
- [webauthn] Pull Request: Fix incorrect (?) reference in Add Virtual Authenticator
- [w3c/webauthn] a6ee5a: Fix incorrect reference in Add Virtual Authenticator
- [webauthn] new commits pushed by emlun
- 11/22/2023 W3C Web Authentication Meeting -CANCELLED
- Event Canceled: Web Authentication weekly
- Re: [webauthn] How is an RP to know if a packed attestation root certificate is used for multiple authenticator models? (#1998)
- [webauthn] Pull Request: Clarify validation step for packed attestation certificate for RPs.
Tuesday, 21 November 2023
Monday, 20 November 2023
Thursday, 16 November 2023
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- [w3c/webauthn]
- [webauthn] Closed Pull Request: Resolve conflicts between spk (#1957) and PR #1970
- Re: [webauthn] Resolve conflicts between spk (#1957) and PR #1970 (#1996)
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- Re: [webauthn] Drop assertion-time attestation. (#1997)
- Re: [webauthn] How is an RP to know if a packed attestation root certificate is used for multiple authenticator models? (#1998)
- [webauthn] How is an RP to know if a packed attestation root certificate is used for more multiple authenticator models? (#1998)
Wednesday, 15 November 2023
- [w3c/webauthn] c5c873: Merge pull request #1957 from w3c/spk
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn]
- [w3c/webauthn] 04dd9e: Remove `devicePubKey` extension.
- [webauthn] new commits pushed by agl
- [webauthn] Merged Pull Request: devicePubKey → supplementalPubKeys
- [w3c/webauthn] cc1a9b: Extract recommended timeout ranges and defaults to...
- [webauthn] new commits pushed by agl
- Re: [webauthn] Add new getClientCapabilities method (#1923)
- Re: [webauthn] Add new getClientCapabilities method (#1923)
- Re: [webauthn] Add importCryptoKey input to PRF extension (#1945)
- [webauthn] Closed Pull Request: Add importCryptoKey input to PRF extension
- [w3c/webauthn] a1b203: Merge pull request #1986 from w3c/bikeshed-tweaks-2
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn]
- [w3c/webauthn] 4b49ca: Tweaks for bikeshed
- [webauthn] new commits pushed by MasterKale
- [webauthn] Merged Pull Request: Tweaks for bikeshed
- [w3c/webauthn] 139405: Explicitly mention that these are examples
- [webauthn] new commits pushed by MasterKale
- [w3c/webauthn] d21314: Merge pull request #1855 from w3c/issue-1848-chall...
- [webauthn] new commits pushed by github-actions[bot]
- [w3c/webauthn]
- [w3c/webauthn] cc1a9b: Extract recommended timeout ranges and defaults to...
- [webauthn] new commits pushed by emlun
- Closed: [webauthn] How long the relying party should maintain the challenge and related information? (#1848)
- [webauthn] Merged Pull Request: Recommend duration of challenge validity
- Re: [webauthn] Drop assertion-time attestation. (#1997)
- [w3c/webauthn] 9cf163: Update other instances of the SPK attestation prefix.
- [webauthn] new commits pushed by agl
- [w3c/webauthn] 228a1f: Enable linking to non-autofill credential type
- Event Updated: Web Authentication weekly
- [webauthn] new commits pushed by MasterKale
- [w3c/webauthn] cf3ca3: authHash -> authData typo fix.
- [webauthn] new commits pushed by agl
- Re: [webauthn] Drop assertion-time attestation. (#1997)
- [w3c/webauthn] 15dad7: Drop assertion-time attestation.
- [webauthn] Pull Request: Drop assertion-time attestation.
- [webauthn] new commits pushed by agl
- [w3c/webauthn] 462113: Apply emlun's changes from code review
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] 72b78b: Address more of emlun's comments.
- [webauthn] new commits pushed by agl
- [w3c/webauthn] 5c7ca4: Incorporate PR feedback
- [webauthn] new commits pushed by MasterKale
- Re: [webauthn] Allow use of credProps extension during auth (#1988)
- [w3c/webauthn] 1d2d52: Align credProps output reference with other extens...
- [webauthn] new commits pushed by MasterKale
- [webauthn] Merged Pull Request: Add credProps client processing step to set authenticatorDisplayName
- [w3c/webauthn] d39e8b: Say "PubKeys" not "PublicKeys"
- [webauthn] new commits pushed by agl
- [w3c/webauthn] 462113: Apply emlun's changes from code review
- [webauthn] new commits pushed by agl
- Re: [webauthn] create() and get() return an algorithm, not a credential (#1984)
- [webauthn] Pull Request: Resolve conflicts between spk (#1957) and PR #1970
- [w3c/webauthn] ba70ca: Merge branch 'main' into spk
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] a24602: Merge branch 'main' into spk
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] d87c22: Merge remote-tracking branch 'origin/main' into spk
- [webauthn] new commits pushed by emlun
- 11/15/2023 W3C Web Authentication Meeting
- Event Canceled: Web Authentication weekly
- Event Updated: Web Authentication weekly
- Event Invitation: Web Authentication weekly
Tuesday, 14 November 2023
Friday, 10 November 2023
Thursday, 9 November 2023
Tuesday, 7 November 2023
- Weekly github digest (WebAuthn)
- Re: EAP method based on FIDO (@ IETF this week)
- [webauthn] rp.name, user.name and user.displayName length limit does not state binary encoding (#1994)
- Re: EAP method based on FIDO (@ IETF this week)
Monday, 6 November 2023
- Re: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
- Closed: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
- Re: EAP method based on FIDO (@ IETF this week)
Sunday, 5 November 2023
- Re: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
- EAP method based on FIDO (@ IETF this week)
- Re: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
- Re: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
Saturday, 4 November 2023
- Re: [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
- [webauthn] Inconsistent Passkey Authentication in Google Chrome (#1993)
Friday, 3 November 2023
- Re: [webauthn] Consider allowing cross-domain credential use (#1372)
- Re: [webauthn] Consider allowing cross-domain credential use (#1372)
- Re: [webauthn] Clarify how to differentiate between exceptions (#1859)
- Re: [webauthn] Clarify how to differentiate between exceptions (#1859)
Wednesday, 1 November 2023
- Re: [webauthn] Add new getClientCapabilities method (#1923)
- Re: [webauthn] Clarify how to differentiate between exceptions (#1859)
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- Re: [webauthn] Clarify how to differentiate between exceptions (#1859)
- Event Updated: Web Authentication bi-weekly
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- Re: [webauthn] Virtual Authenticator API does not expose a way to set backup-eligible or backup-status flags (#1987)
- Re: [webauthn] Add note about typical autocomplete combos for conditional UI (#1992)
- [w3c/webauthn] f12069: Try to generate valid HTML
- [webauthn] new commits pushed by MasterKale
- [webauthn] Pull Request: Add note about typical autocomplete combos
- [w3c/webauthn] ea6e59: Add note about typical autocomplete combos
- [webauthn] new commits pushed by MasterKale
- 11/01/2023 W3C Web Authentication Meeting - Corrected start time