[webauthn] new commits pushed by rlin1

The following commits were just pushed by rlin1 to https://github.com/w3c/webauthn:

* add getClientCapabilites method and enum
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/4cc06707fccbce1e0b053c2d9bff123101579cc0

* add "the"

Co-authored-by: Adam Langley <agl@google.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/9214c75cdabaf4d1f68cad2ab9967d3d2b4895bf

* change enum to ClientCapability for consistency
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/5e47920cefa86a75a21fa2239f8f4511b7826de3

* add note about enum not being referenced
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/1600f58accc46a8aaa05e18770bc5d863ff3e251

* updated interface to sequence of DOMStrings
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/450959b5167052cd6e10ac716100be38512ddcab

* remove client-pin-entry per 2023-07-26 call
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/968040a72db36cb2dcfc6440f4b9ef280b5d2422

* change to dict and add new values
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/6931dadd4595cd2238398a56e0eea1a73ce6978a

* remove isPasskeyPlatformAuthenticatorAvailable
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/73071620a3ba5fb6fd03d4344f22ab4177a81441

* s/ClientCapability/ClientCapabilities
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/baa930a738a2bb25ab73cbbd65bd0c0f6f004560

* Merge branch 'tc-clientfeatmethod' into tc-remove-isPPAA

# Conflicts:
# index.bs
  by Matthew Miller
https://github.com/w3c/webauthn/commit/9606e719ef39b835bc562cf3c04f2b0d00ef5bf1

* Merge pull request #1936 from w3c/tc-remove-isPPAA

remove isPasskeyPlatformAuthenticatorAvailable()
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/82ec494b1ba2080085086c93296ab3fe6ce65e51

* first stab at new approach for getClientCapabilities
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/633a2da0ae7d02665054a037b50aab0e5515fb49

* missing quote
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/244b54e79f9fa0a83960f1c87c2d3d865c1ec9ce

* add SecureContext to result
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/1fe91797ad288240266533d8f9cbaadc9f949fad

* spelling

Co-authored-by: Matthew Miller <mmiller@duosecurity.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/5c39e19f9d18113c22996e7f99a1de4dc5d6707c

* add conditional-create
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/699e9d158058ab5b7a852e7abd73876e297269ad

* Incorporate Emil's changes

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/53e8d8ca4d720705a5dee4fc676d6f1df0d946ba

* address AGL global namespace feedback
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/b27eb4d0d2644f227c986faaaab308394455801f

* Drop assertion-time attestation.

We don't believe that there's a use for it now. The cases that wish to
plumb this sort of data back can do so via other means.
  by Adam Langley
https://github.com/w3c/webauthn/commit/15dad79c988638a1f1a89c2d3a0defed9195ef69

* first pass at privacy considerations
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/ecc19d46c98fcb9cfa185da04ae5b0901ada6d79

* John's feedback
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/594e3388d0af20977dbce2c0fe3bb5cd7a83429f

* Correct capitalization on "Github"
  by Matthew Miller
https://github.com/w3c/webauthn/commit/9bd28671a15259cc74b5ead7213bb6c898ee7104

* Merge branch 'main' into noatt
  by Adam Langley
https://github.com/w3c/webauthn/commit/06068d0035e3b59b9b9846d3022fb5f1b00a3109

* Update to reflect comments on the PR.
  by Adam Langley
https://github.com/w3c/webauthn/commit/d3bbf9ae64b698aeba8e8097eb3693e9133be0c3

* Mark SPK's `signatures` output as required.

AuthenticationExtensionsSupplementalPubKeysOutputs.signatures should
always be present in the client extension outputs since it's the only
field and SPK makes no sense without the signatures.
  by Adam Langley
https://github.com/w3c/webauthn/commit/296ca5506a34e6b640695b8f76bb8291d43a90f9

* Merge branch 'main' into tc-clientfeatmethod

# Conflicts:
# index.bs
  by Matthew Miller
https://github.com/w3c/webauthn/commit/75b9061cf2c9e58fc2d3cfa703cdf55de855be1a

* Replace "maplike" with "record"
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a3fd6fda1167d563a8d64c5e5a52525cc1954629

* Switch to camelCase for capability names
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a856b6da966cbce9029a54ad6344237fe862c803

* Prune readonly from record
  by Matthew Miller
https://github.com/w3c/webauthn/commit/4969d28f403ee35b5e32983640ea552d39f7e2f4

* Switch to a typedef
  by Matthew Miller
https://github.com/w3c/webauthn/commit/b0fdc69d6ebe9ca12fb580fc21c13e521ce73e51

* Remove key sorting requirement
  by Matthew Miller
https://github.com/w3c/webauthn/commit/903620ec2be7c5118b8357b2ab909a45bf63d896

* Add link to Disclocing Client Capabilities section
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ee7990c2766a88cc1e307c9e068e808d28d0268c

* Restore mandate to sort capabilities
  by Matthew Miller
https://github.com/w3c/webauthn/commit/f6d2eb58e34382aa0c9f2fa86a657d042f96e441

* Lexicographically sort ClientCapability
  by Matthew Miller
https://github.com/w3c/webauthn/commit/803fa75fb86972bc6150f2da740817681196ca6f

* Allow clients to omit capabilities
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ef54380aebf78db9bcadb1b5751c1158e1d802d7

* Expand upon the definition of "unsigned extension outputs"

Fixes #1964
  by Adam Langley
https://github.com/w3c/webauthn/commit/46a3d5e91c0b6a471d86f439f09e45985c52dc8c

* Delete reference to {{AuthenticatorAttestationResponse/attestationObject}} added in meta-PR #1812

Originally added in commit 25291deccf763d1110500f3c02bcc396646bd2af.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a0cfb6c897df6fc85c939062c9d46ecb7ac8c302

* Fix references to reserved tokenBinding member

Commit 5f45d34abe3e6826f1e676c35a3dc5d349bec2ad in PR #1661 changed
the definition type of `CollectedClientData/tokenBinding` from
"dict-member" to "dfn" to resolve Bikeshed errors about the member not
existing in the `CollectedClientData` definition.

However, autolinks to the reserved `tokenBinding` member still use the
`{{foo}}` syntax, which is only for IDL types, so the autolinks no
longer resolve. This results in Bikeshed instead pulling these
autolinks as external refs from the spec database instead of internal
refs, which results in an entry being added to the "terms defined
elsewhere" index: "[WEBAUTHN-3] defines the following terms:
tokenBinding". The changed definition type also changes the generated
link anchor from "#dom-collectedclientdata-tokenbinding" to
"#collectedclientdata-tokenbinding".

This fixes these issues by declaring the link anchor explicitly, for
backwards compatibility, and by changing the autolinks to use the
`[=foo=]` syntax for autolinks to "dfn"-type definitions.

This also fixes the following Bikeshed lint:

```
LINT: Unexported dfn that's not referenced locally - did you mean to export it?
<dfn data-dfn-type="dfn" data-dfn-for="CollectedClientData" id="collectedclientdata-tokenbinding" data-lt="tokenBinding" data-noexport="by-default">tokenBinding<a href="#collectedclientdata-tokenbinding" class="self-link"></a></dfn>
<dfn data-dfn-type="dfn" data-dfn-for="CollectedClientData" id="collectedclientdata-tokenbinding" data-lt="tokenBinding" data-noexport="by-default">tokenBinding<a href="#collectedclientdata-tokenbinding" class="self-link"></a></dfn>
```
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/281408326a6296a8e744bd9e560e12a23e49fa80

* Remove autolink to nonexistent term "WebAuthn credentials"

Fixes this Bikeshed lint:

```
LINE ~8667: No 'dfn' refs found for 'webauthn credentials'.
[=WebAuthn credentials=]
```
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b9add231f5fc349850d9ed5d0182fd6055086a0

* Delete unused term "client-side discoverable credential property"

Fixes this Bikeshed lint:

```
LINT: Unexported dfn that's not referenced locally - did you mean to export it?
<dfn data-dfn-type="dfn" data-dfn-for="CredentialPropertiesOutput" id="credentialpropertiesoutput-client-side-discoverable-credential-property" data-lt="client-side discoverable credential property" data-noexport="by-default">client-side discoverable credential property<a href="#credentialpropertiesoutput-client-side-discoverable-credential-property" class="self-link"></a></dfn>
<dfn data-dfn-type="dfn" data-dfn-for="CredentialPropertiesOutput" id="credentialpropertiesoutput-client-side-discoverable-credential-property" data-lt="client-side discoverable credential property" data-noexport="by-default">client-side discoverable credential property<a href="#credentialpropertiesoutput-client-side-discoverable-credential-property" class="self-link"></a></dfn>
```
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3aa02474e71e68499242f867f05c4cad861e0f53

* Merge pull request #1923 from w3c/tc-clientfeatmethod

Add new getClientCapabilities method
  by Matthew Miller
https://github.com/w3c/webauthn/commit/80b478c95c6476eef2ec94f1a43dda8c487cae50

* Merge pull request #2011 from w3c/spkrequired

Mark SPK's `signatures` output as required.
  by Adam Langley
https://github.com/w3c/webauthn/commit/759221b4c49a46cd5569d333f44b660e8c71c73b

* Merge pull request #2009 from w3c/mm/2007-fix-github-capitalization

Correct capitalization on "Github"
  by Matthew Miller
https://github.com/w3c/webauthn/commit/0d23dbf849ba9c5ba09a16993419b2cc7102be7f

* Merge pull request #1997 from w3c/noatt

Drop assertion-time attestation.
  by Adam Langley
https://github.com/w3c/webauthn/commit/830e6c09121feaf0846cd974c6b3300bf9d643fe

* Merge pull request #2015 from w3c/fix-lint

Fix Bikeshed lint
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/82db709d1014668da8f6fb080b8806d647dc0edc

* Apply suggestion.

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/8f8c7ea95e294d3d37db5fa0a832f7d3e1e920b7

* Merge pull request #2012 from w3c/uxo

Expand upon the definition of "unsigned extension outputs"
  by Adam Langley
https://github.com/w3c/webauthn/commit/73b35629b6a58b7a9ee44b366f02c6fd28cfe98b

* Added a loophole for secure contexts not using https

Clients today want to allow localhost on http, but are forbidden by spec due to scheme validation
  by Anders Åberg
https://github.com/w3c/webauthn/commit/2a653decc794850743bb149fd919c81c10614b04

* Fixed bikeshedding
  by Anders Åberg
https://github.com/w3c/webauthn/commit/66b792ddf2b69e4a074d226d77538de9e3c1fb49

* Trigger Build
  by Anders Åberg
https://github.com/w3c/webauthn/commit/84055e6097dba51a331319078e3e8a4722858967

* remove pluralisation

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Anders Åberg
https://github.com/w3c/webauthn/commit/b4ce93ef1cd5e1da1862753bc60ad4ea691ed1c3

* Added example of valid origin based on secure context
  by Anders Åberg
https://github.com/w3c/webauthn/commit/8775f04db59276df3cba5d52509494436b0bead9

* Changed wording to spell out localhost
  by Anders Åberg
https://github.com/w3c/webauthn/commit/85d28a3dc985e874c6a77356ac7629289ecfd7c6

* Merge pull request #2014 from w3c/tokenbinding-ref

Fix references to reserved tokenBinding member
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/99cbcfaf23ad2d0cd823c2adb795d9e2350aa68e

* Editorial tweaks and links
  by Anders Åberg
https://github.com/w3c/webauthn/commit/ec161c4c2810a9b884d0b6cc756689fbdd7c9cd4

* missed one
  by Anders Åberg
https://github.com/w3c/webauthn/commit/9f8fa53883e4a36933e1241653535d656844e11f

* Fix indentation of step to invoke authenticatorMakeCredential

The current indentation renders this step as a sub-step of "For each credential
descriptor C in pkOptions.excludeCredentials", meaning the operation is to be
invoked once per `excludeCredentials` entry and not at all if
`excludeCredentials` is empty. The indentation appears to have been broken in
commit b44009c0bc24ed76f79c94c4bf6a3d5a111439ae (originally
7acc1d5ccb24306956acdeb31e995e8f7c486353) in PR #1366, caused by a mix of tab
and space characters being replaced with just spaces.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e239ee557e71232c034ff8e034582f1e231cf31f

* Update index.bs
  by Anders Åberg
https://github.com/w3c/webauthn/commit/537736625ed6bd7cbae7c968fa0fe5edf4adf2c9

* Merge pull request #2027 from w3c/issue-2025-invoke-makeCred-indentation

Fix indentation of step to invoke authenticatorMakeCredential
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bfe8f632aa7ee87edd263d2d4cdd2b069c1b7dd5

* Merge pull request #2018 from abergs/non-https-loophole

Adding flexibility in client origin scheme validation to align with real world implementations
  by Nick Steele
https://github.com/w3c/webauthn/commit/3c71812cfb6f2e295e9ea42e2ede9529820784b4

* Update index.bs
  by Anders Åberg
https://github.com/w3c/webauthn/commit/bb1948affe8ebb383d1fc905fb824ede4340fabd

* Merge pull request #2019 from abergs/localhost-context-example

Adding example of localhost as allowed host/origin
  by Nick Steele
https://github.com/w3c/webauthn/commit/1a72b38d408b59f823a863a18dc755d76e0ba21d

* Precisize that it's assertions that don't sign the credential ID
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/fdfeb07c169de1d9702da5580f11e9aa74e3d95a

* Merge pull request #2029 from w3c/issue-2028-credential-id-signed-sometimes

Precisize that it's assertions that don't sign the credential ID
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c75b69e2214ee5761e318a48619de2dc25364fc1

* Merge branch 'main' into txAuthSimple2
  by rlin1
https://github.com/w3c/webauthn/commit/d18e271545d16ad81ff2d9da165c02b06fa09a2c

* changed CollectedClientData integration approach
  by rlin1
https://github.com/w3c/webauthn/commit/a175ab9dbc1ee9b731590dbe2a4c1162279f0139



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 30 April 2024 16:41:22 UTC