[webauthn] Pull Request: Add the `topOrigin` field to the limited clientData verification algorithm from Adam Langley via GitHub on 2024-08-16 (public-webauthn@w3.org from August 2024)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Aug 2024 23:06:05 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-2023713896-1723849562-sysbot+gh@w3.org>

agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Add the `topOrigin` field to the limited clientData verification algorithm ==
I was asked to to the PR for this issue, without looking at the submitted PR, in order to avoid IPR issues that would arise from a change by a non-member.

The `topOrigin` field was added the the CollectedClientData, and the serialization algorithm, but not the verification algorithm. This PR addresses that.

Fixes #2102

<!-- Remove the following for non-normative changes -->

The following tasks have been completed:

- [x] Modified Web platform tests ([link](https://chromium-review.googlesource.com/c/chromium/src/+/5794170)) (Doesn't actually check this bit of the text due to complexity of setting up the iframes, but adds a test for this serialization in general, which was the bigger existing omission.)

Implementation commitment:

(Omitting due to minor nature of the change.)

Documentation and checks

- [ ] Affects privacy
- [ ] Affects security
- [ ] Updated explainer


See https://github.com/w3c/webauthn/pull/2123


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 16 August 2024 23:06:06 UTC