- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Tue, 02 Jan 2024 20:39:42 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by agl to https://github.com/w3c/webauthn: * Extract recommended timeout ranges and defaults to new accessibility cons section by Emil Lundberg https://github.com/w3c/webauthn/commit/cc1a9ba6f413723594397fa2aba705aaf218d241 * Recommend duration of challenge validity by Emil Lundberg https://github.com/w3c/webauthn/commit/b6e3232386c77e2819ea37b4e9ae0922326bf064 * Merge branch 'main' into issue-1848-challenge-timeout by Emil Lundberg https://github.com/w3c/webauthn/commit/c36459fd16974023713443b7827a196daa1e6f34 * Remove `devicePubKey` extension. by Adam Langley https://github.com/w3c/webauthn/commit/04dd9e842540167d86791775972389e5f3022389 * Add `supplementalPubKeys` extension. This extension is very similar the previous `devicePubKeys` extension. The difference is that `supplementalPubKey` allows for one _or two_ supplemental keys, and while supplemental keys can be device bound, they can also have "provider" scope, which is defined by their attestation statement. by Adam Langley https://github.com/w3c/webauthn/commit/b7c3b0ee62d92a2c776a55fe011b2320058fc5df * Remove the requirement that SPK be used only with backup eligible credentials. (Based on the WG discussion of 2023-09-20.) by Adam Langley https://github.com/w3c/webauthn/commit/f5ea861fdc41f9bf2ee2238d46acd9247b12efc3 * Tweaks for bikeshed by plehegar https://github.com/w3c/webauthn/commit/4b49caa8334a206790442d1de726f86fd849d4b5 * Initial effort to allow credProps use during auth by Matthew Miller https://github.com/w3c/webauthn/commit/76e88e1d80947284a422894fe81d686f478ed67b * Don't define a [[preventSilentAccess]] internal method Fixes issue #1956. https://github.com/w3c/webauthn/issues/1956 by Emil Lundberg https://github.com/w3c/webauthn/commit/2803185b119e629012f5bff58fc3f60f8a7cce4b * Incorporate PR feedback by Matthew Miller https://github.com/w3c/webauthn/commit/bd5ff7a18da497adaa2467411991200f36a3e4c3 * Restore rk instructions into client processing by Matthew Miller https://github.com/w3c/webauthn/commit/5025ea2e0445f5023030929382ee9b18491b74df * Change "will" to "will likely". (Addressing Tim's comment.) by Adam Langley https://github.com/w3c/webauthn/commit/24dd8e97fd19ce256f5e03658608d4a6491081c9 * Add note about typical autocomplete combos by Matthew Miller https://github.com/w3c/webauthn/commit/ea6e598899bcba6da6cf7df585cf8ec630c65acb * Try to generate valid HTML by Matthew Miller https://github.com/w3c/webauthn/commit/f120690a4a3a98240ae930c341099d9cdb0ec1cc * Align credProps output reference with other extensions by Emil Lundberg https://github.com/w3c/webauthn/commit/1d2d52152a46b0d3e2f9fb7bbf9558a5858b84a0 * Add credProps client processing step to set authenticatorDisplayName by Emil Lundberg https://github.com/w3c/webauthn/commit/2472df637429f96be24dcb361df087c1cbaa50bb * Apply emlun's changes from code review Co-authored-by: Emil Lundberg <emil@yubico.com> by Adam Langley https://github.com/w3c/webauthn/commit/462113c4892dc9f80fbb67c453be11f6940061bc * Say "PubKeys" not "PublicKeys" The extension name uses "PubKeys" but some of the structures said "PublicKeys". Be consistent. by Adam Langley https://github.com/w3c/webauthn/commit/d39e8b5e276eed21e710e98db3c035ef8fde7c3e * Merge pull request #1995 from emlun/add-credprops-to-make Add credProps client processing step to set authenticatorDisplayName by Matthew Miller https://github.com/w3c/webauthn/commit/22aa6ff6458bc7c57767e2a5909e511ec07dd5ec * Incorporate PR feedback by Matthew Miller https://github.com/w3c/webauthn/commit/5c7ca4d9ae384ed6c0b8f61cf9c0ae11c2a59153 * Address more of emlun's comments. by Adam Langley https://github.com/w3c/webauthn/commit/72b78b5a40922a69b51ed38d5ed0e2cffe9c5ba5 * authHash -> authData typo fix. by Adam Langley https://github.com/w3c/webauthn/commit/cf3ca3a479e939011dc2e5f18b69d34a5a61852f * Enable linking to non-autofill credential type by Matthew Miller https://github.com/w3c/webauthn/commit/228a1f8a9227988c0812628803dfabfd8b0feb3d * Update other instances of the SPK attestation prefix. by Adam Langley https://github.com/w3c/webauthn/commit/9cf1634c5ee5bad49c892c044cd008a5ee2096d6 * Merge pull request #1855 from w3c/issue-1848-challenge-timeout Recommend duration of challenge validity by Emil Lundberg https://github.com/w3c/webauthn/commit/d4510f85116130c2bb2f2e9f6bd21819db111c51 * Explicitly mention that these are examples by Matthew Miller https://github.com/w3c/webauthn/commit/139405f7388e37f6af60cf2a2d05ef4203aeb0bb * Merge pull request #1986 from w3c/bikeshed-tweaks-2 Tweaks for bikeshed by Matthew Miller https://github.com/w3c/webauthn/commit/a8bf3f5ae9543551799eb6f84105cff7b9a8dc47 * Merge branch 'main' into spk by Adam Langley https://github.com/w3c/webauthn/commit/b2cba32669951cd5420efb0f7579b375861b9fbf * Fix bikeshed warnings post-merge by Adam Langley https://github.com/w3c/webauthn/commit/e168d78ff4e15937c79cc9af7d749dadd329cce3 * Merge pull request #1957 from w3c/spk devicePubKey → supplementalPubKeys by Adam Langley https://github.com/w3c/webauthn/commit/f8163ea38ba03fb2352b5d6730bac6db1225b30a * Clarify validation step for packed attestation certificate for RPs. Addresses #1998 by Shane Weeden https://github.com/w3c/webauthn/commit/d13f46a06ba267d9633e5f86132de8e7818faa1c * Fix incorrect reference in Add Virtual Authenticator by Emil Lundberg https://github.com/w3c/webauthn/commit/a6ee5a0c0a4aacb604b43d14c17613ad25a295dc * Fix references to credential private key that should be credential source See issue #2002: https://github.com/w3c/webauthn/issues/2002 by Emil Lundberg https://github.com/w3c/webauthn/commit/c2ec717da26c7021b64d5e52bc8dfd27ec257907 * Say residentKey and requireResidentKey, not residentKey or requireResidentKey by Emil Lundberg https://github.com/w3c/webauthn/commit/dbf6ca23d8cf8c3399a2ddde86d1222c0ceca023 * Update index.bs agreed Co-authored-by: Emil Lundberg <emil@emlun.se> by Shane Weeden https://github.com/w3c/webauthn/commit/73eb670800e7129a8a15b3d1255baa8f7d7b1173 * Merge pull request #2000 from sbweeden/sweeden_1998 Clarify validation step for packed attestation certificate for RPs. by Shane Weeden https://github.com/w3c/webauthn/commit/065b83648d83c2b4caba83c91051f124b2b63dfa * Merge pull request #1992 from w3c/mm/conditional-ui-autofill-token-order Add note about typical autocomplete combos for conditional UI by Nick Steele https://github.com/w3c/webauthn/commit/2c63082453188ff91cd49101ef4998330d010db5 * Merge pull request #1988 from w3c/add-credprops-to-make Allow use of credProps extension during auth by Nick Steele https://github.com/w3c/webauthn/commit/84feb409dc9bb19675dffd93ecba411682bed31e * Reference CTAP 2.1 errata spec by Michael Jones https://github.com/w3c/webauthn/commit/def2363192f03f073c9c7d07127ea97b348e002b * Disambiguate "this value" in authenticatorDisplayName description See this review comment which still remains unaddressed: https://github.com/w3c/webauthn/pull/1880#discussion_r1323097728 by Emil Lundberg https://github.com/w3c/webauthn/commit/c034bd9624cbe2cfea49079c8c61d32747a58a7c * Update index.bs Co-authored-by: Emil Lundberg <emil@emlun.se> by Michael B. Jones https://github.com/w3c/webauthn/commit/586642dde2252202e03e9b79ed36a537719e8b56 * Merge pull request #2005 from w3c/pr-1880-credProps-authenticatorDisplayName-disambiguate Disambiguate "this value" in authenticatorDisplayName description by Emil Lundberg https://github.com/w3c/webauthn/commit/db0b65998dde9cde0b7ddde13a80399fe22ff95f * Merge pull request #2003 from w3c/issue-2002-non-resident-storage Fix references to credential private key that should be credential source by Adam Langley https://github.com/w3c/webauthn/commit/26da246372d211f454c11c40f668c3dc52fe896c * Merge pull request #2001 from w3c/fix-add-virtual-authenticator-typo Fix incorrect reference in Add Virtual Authenticator by Emil Lundberg https://github.com/w3c/webauthn/commit/27458023863db06c975317d492b759a625124515 * Add backup flags to virtual authenticator (#1999) * Add backup flags to virtual authenticator Allow setting and changing the backup eligibility (BE) and backup state (BS) flags through the virtual authenticator API. Fixed: #1987 Co-authored-by: Emil Lundberg <emil@emlun.se> by Nina Satragno https://github.com/w3c/webauthn/commit/cf353630e40d0ed7e23449d6c0077da89c4738ab * Merge pull request #1991 from w3c/issue-1956-prevent-silent-access Don't define a [[preventSilentAccess]] internal method by Emil Lundberg https://github.com/w3c/webauthn/commit/c639dd57bef843f73b9ed2ece019c2bb2ab0d2eb * Merge pull request #2004 from selfissued/mbj-ctap2.1-errata Reference CTAP 2.1 errata spec by Michael B. Jones https://github.com/w3c/webauthn/commit/a83c7648d81771eb8dac49fc81a1cf67911c6443 * Merge branch 'main' into noatt by Adam Langley https://github.com/w3c/webauthn/commit/06068d0035e3b59b9b9846d3022fb5f1b00a3109 * Update to reflect comments on the PR. by Adam Langley https://github.com/w3c/webauthn/commit/d3bbf9ae64b698aeba8e8097eb3693e9133be0c3 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 2 January 2024 20:39:45 UTC