- From: Matthew Miller <noreply@github.com>
- Date: Wed, 28 Aug 2024 09:48:24 -0700
- To: public-webauthn@w3.org
Branch: refs/heads/2062-new-error-codes
Home: https://github.com/w3c/webauthn
Commit: e3603f37a69233f2e9b64bc8a740a75be5796ffb
https://github.com/w3c/webauthn/commit/e3603f37a69233f2e9b64bc8a740a75be5796ffb
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-07-17 (Wed, 17 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Relax PublicKeyCredentialRequestOptions.rpId to DOMString
Alternative resolution to issue #2066: https://github.com/w3c/webauthn/issues/2066
Fixes #2066.
This is a backwards-compatible change (changing a type bound in
input (contravariant) position to be more permissive). This could have risked
that WebAuthn calls in new implementations fail if run in clients that were
built to the older spec and still enforce the `USVString` type in `get()`, but
WebAuthn already defines that an RP ID must be a _valid domain string_:
- A [valid domain string][1] must pass the _domain to ASCII_ procedure without
error.
- [Domain to ASCII][2] invokes the _processing steps in section 4_ of the same
document.
- Those processing steps begin with looking up each code point in the _IDNA
mapping table_ and then returning an error if any code point was mapped
to **disallowed**.
- The [IDNA mapping table][3] notes that "Each table for a version of the
Unicode Standard will always be backward compatible with previous versions of
the table: only characters with the Status value **disallowed** may change in
Status or Mapping value, [...]".
- [Version 15.1.0 of the mapping table][4] maps the range U+D800..U+DFFF
to **disallowed**. This is the range of surrogate code units.
- Since this range is **disallowed** in version 15.1.0, it must also
be **disallowed** in all previous versions.
Conclusion: WebAuthn RP IDs are already always scalar value strings, because
valid domain strings MUST NOT contain surrogate code units. Therefore this type
relaxation is backwards compatible with WebAuthn clients that still enforce
`USVString` type in `get()`.
[1]: https://url.spec.whatwg.org/#valid-domain-string
[2]: https://www.unicode.org/reports/tr46/#ToASCII
[3]: https://www.unicode.org/Public/idna/
[4]: https://www.unicode.org/Public/idna/15.1.0/IdnaMappingTable.txt
Commit: f15b18b1609d96956016fdefb7457eed944263cb
https://github.com/w3c/webauthn/commit/f15b18b1609d96956016fdefb7457eed944263cb
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Use simple exceptions instead
Commit: b95ca47ea95efd1569cdcf03159e2395e3faddc5
https://github.com/w3c/webauthn/commit/b95ca47ea95efd1569cdcf03159e2395e3faddc5
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-30 (Tue, 30 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Add SecurityError reasons for related origins
Commit: 097113a96b137cd445ee59e04b02d153b5708666
https://github.com/w3c/webauthn/commit/097113a96b137cd445ee59e04b02d153b5708666
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Remove work from #2095
Commit: 3e36885324a4153a5ce578487ea95a6b1f0f3b99
https://github.com/w3c/webauthn/commit/3e36885324a4153a5ce578487ea95a6b1f0f3b99
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Tweak SecurityError for Related Origins
Commit: 36dc20c78b7f004884229df5fad06059742b5c06
https://github.com/w3c/webauthn/commit/36dc20c78b7f004884229df5fad06059742b5c06
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Incorporate feedback from Emlun
Commit: fc5280160aa4f14c9f0f5821598159580ef755a3
https://github.com/w3c/webauthn/commit/fc5280160aa4f14c9f0f5821598159580ef755a3
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Remove superfluous webidl spec reference
Commit: 419e71fd41f9ee41eca87d833b7f95878a908afc
https://github.com/w3c/webauthn/commit/419e71fd41f9ee41eca87d833b7f95878a908afc
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
RPs won't get UnknownError authenticator errors
Commit: 2b692faccc91e9559ddace2d4405987f144158e0
https://github.com/w3c/webauthn/commit/2b692faccc91e9559ddace2d4405987f144158e0
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Wrap types in code tags
Commit: 49325c8983c688c4526815ee008289aa9f276b1f
https://github.com/w3c/webauthn/commit/49325c8983c688c4526815ee008289aa9f276b1f
Author: Michael B. Jones <michael_b_jones@hotmail.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Apply RFC 8264 enforcement only to non-empty strings (#2073)
* Disallow empty strings
* Update index.bs
Co-authored-by: Matthew Miller <matthew@millerti.me>
* Apply RFC 8264 enforcement only to non-empty strings
---------
Co-authored-by: Matthew Miller <matthew@millerti.me>
Commit: d5f7c33a8e3b9170b0e1b3cf6a644464e9022d52
https://github.com/w3c/webauthn/commit/d5f7c33a8e3b9170b0e1b3cf6a644464e9022d52
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2024-08-01 (Thu, 01 Aug 2024)
Changed paths:
A .github/pull_request_template.md
Log Message:
-----------
Add PR template
Commit: 30061db80f7296f55b9bc22e16cf06d754e2a584
https://github.com/w3c/webauthn/commit/30061db80f7296f55b9bc22e16cf06d754e2a584
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-07-31 (Wed, 31 Jul 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2098 from w3c/issue-2066-usvstring-alt
Relax PublicKeyCredentialRequestOptions.rpId to DOMString
Commit: 902af61dc7aa15229b6aad92f0dd998e43de8f91
https://github.com/w3c/webauthn/commit/902af61dc7aa15229b6aad92f0dd998e43de8f91
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2024-08-01 (Thu, 01 Aug 2024)
Changed paths:
M .github/pull_request_template.md
Log Message:
-----------
adds links
Co-authored-by: Nina Satragno <nsatragno@gmail.com>
Commit: 2ec45f8b34638b0c62bb4208507bc4a76cd0ef4f
https://github.com/w3c/webauthn/commit/2ec45f8b34638b0c62bb4208507bc4a76cd0ef4f
Author: Adam Langley <agl@chromium.org>
Date: 2024-08-01 (Thu, 01 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Drop the supplementalPubKeys extension
This extension will not have two interoperable implementations within
the Level 3 timeframe.
Commit: a5a12f6a76ee1624340b7b514822e48936836b76
https://github.com/w3c/webauthn/commit/a5a12f6a76ee1624340b7b514822e48936836b76
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-06 (Tue, 06 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Move position of `id` to match non-JSON ordering
Commit: 998b863a07c03a888365927b8935c11b85b7c53d
https://github.com/w3c/webauthn/commit/998b863a07c03a888365927b8935c11b85b7c53d
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Move topOrigin definition after crossOrigin
Commit: 4c22cbe8ad4fc5f441c024c3eb0fdb3fcb6d5ee7
https://github.com/w3c/webauthn/commit/4c22cbe8ad4fc5f441c024c3eb0fdb3fcb6d5ee7
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M .github/pull_request_template.md
Log Message:
-----------
non-normative comment
Commit: 34d8b60de1f7e0e0e29b9f082e51ffa9012411dc
https://github.com/w3c/webauthn/commit/34d8b60de1f7e0e0e29b9f082e51ffa9012411dc
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Change type of credProps.authenticatorDisplayName to DOMString
As recommended by the Web IDL spec [1]:
>Specifications should only use `USVString` for APIs that perform text
>processing and need a string of scalar values to operate on. Most APIs that use
>strings should instead be using `DOMString`, which does not make any
>interpretations of the code units in the string. When in doubt, use `DOMString`.
[1]: https://webidl.spec.whatwg.org/#idl-USVString
Commit: 056ed8b71badb1bd47119032621ab85194177da5
https://github.com/w3c/webauthn/commit/056ed8b71badb1bd47119032621ab85194177da5
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2047 from w3c/1859-differentiate-errors
Help RP's understand actionable exceptions from `create()` and `get()`
Commit: 2df9691d9537f4e54d1b83fc9707525e8e34dac0
https://github.com/w3c/webauthn/commit/2df9691d9537f4e54d1b83fc9707525e8e34dac0
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2110 from w3c/mm/2082-publickeycredentialdescriptorjson-ordering
Reorder PublicKeyCredentialDescriptorJSON values to match PublicKeyCredentialDescriptor
Commit: c6defa8da7ed656784d609b6ac8821123e242091
https://github.com/w3c/webauthn/commit/c6defa8da7ed656784d609b6ac8821123e242091
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Restore (empty) Authenticator Extensions section
Commit: b308a66f89615409202ee15283797429b835a8ac
https://github.com/w3c/webauthn/commit/b308a66f89615409202ee15283797429b835a8ac
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-07 (Wed, 07 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2109 from w3c/rmspk
Drop the supplementalPubKeys extension
Commit: 769610ebc28afaad6604795722e4e15fc30fb8d1
https://github.com/w3c/webauthn/commit/769610ebc28afaad6604795722e4e15fc30fb8d1
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Change id to DOMString
Commit: 9135ead6f32c02e0abb2a2c535c320cef8da1d56
https://github.com/w3c/webauthn/commit/9135ead6f32c02e0abb2a2c535c320cef8da1d56
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2120 from w3c/mm/update-responsejson-id-type
Change `*ResponseJSON.id` to `DOMString`
Commit: d261d9ebf8ca57b299ae97de33bfa6c2d185d4f9
https://github.com/w3c/webauthn/commit/d261d9ebf8ca57b299ae97de33bfa6c2d185d4f9
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2024-08-15 (Thu, 15 Aug 2024)
Changed paths:
M .github/pull_request_template.md
Log Message:
-----------
Remove MDN
Removes contact MDN item
Commit: 5f0701d0c35b3080d3b3f9a928b1b4373a98b7e4
https://github.com/w3c/webauthn/commit/5f0701d0c35b3080d3b3f9a928b1b4373a98b7e4
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2114 from w3c/issue-2101-toporigin-order
Move topOrigin definition after crossOrigin
Commit: 93193a1dcfddf6a6daa4726fafa4f556bff203ca
https://github.com/w3c/webauthn/commit/93193a1dcfddf6a6daa4726fafa4f556bff203ca
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
A .github/pull_request_template.md
Log Message:
-----------
Merge pull request #2108 from w3c/tc-pr-template
Add PR template
Commit: 6a795162349c0f7daa6d714bd6bff521dda5ed0d
https://github.com/w3c/webauthn/commit/6a795162349c0f7daa6d714bd6bff521dda5ed0d
Author: Emil Lundberg <emil@yubico.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2115 from w3c/authenticatorDisplayName-DOMString
Change type of credProps.authenticatorDisplayName to DOMString
Commit: d6ada588e1223e3265b2cfce2f383f82b2e41b18
https://github.com/w3c/webauthn/commit/d6ada588e1223e3265b2cfce2f383f82b2e41b18
Author: Matthew Miller <mmiller@duosecurity.com>
Date: 2024-08-28 (Wed, 28 Aug 2024)
Changed paths:
A .github/pull_request_template.md
M index.bs
Log Message:
-----------
Merge branch 'main' into 2062-new-error-codes
# Conflicts:
# index.bs
Compare: https://github.com/w3c/webauthn/compare/17ff8f135336...d6ada588e122
To unsubscribe from these emails, change your notification settings at https://github.com/w3c/webauthn/settings/notifications
Received on Wednesday, 28 August 2024 16:48:28 UTC