[webauthn] new commits pushed by MasterKale from Matthew Miller via GitHub on 2024-01-03 (public-webauthn@w3.org from January 2024)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Jan 2024 23:10:51 +0000
To: public-webauthn@w3.org
Message-ID: <push-a856b6da966cbce9029a54ad6344237fe862c803-1704323448-sysbot+gh@w3.org>
The following commits were just pushed by MasterKale to https://github.com/w3c/webauthn:

* Merge pull request #1 from w3c/master

Up to date
  by Ki-Eun Shin
https://github.com/w3c/webauthn/commit/bda342301902bed232cc51e60a30c4b732e9e7d9

* Extract recommended timeout ranges and defaults to new accessibility cons section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/cc1a9ba6f413723594397fa2aba705aaf218d241

* Recommend duration of challenge validity
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b6e3232386c77e2819ea37b4e9ae0922326bf064

* Add userDisplayName and vendorDisplayName to credProps
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/29a869282e8b608b6aae2eb192d47881d1ea386c

* Merge userDisplayName and vendorDisplayName into authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d2b4dd72c7e8704e47eb8c5b1a1b72d78157f556

* Rename credential record displayName to authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8dd71903a34b2d85de97ea23c0f71718ec58b568

* Add a `hints` element for both `create` and `get`.

As discussed at the face-to-face meeting of the working group on
2023-04-21, this change adds a `hints` element to both sets of options
in order to allow sites to guide user agents in how best to complete the
request.
  by Adam Langley
https://github.com/w3c/webauthn/commit/ef8630c91f8d074ae51b5c03662d99c9ecd2eb5c

* Apply suggestions from code review

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/44e5b9f8e7de7991ae6dc4f20c004eb034729dee

* Various updates
  by Adam Langley
https://github.com/w3c/webauthn/commit/c2a7fe45fd6b0b3c5c29285859bdacfb547a1835

* Update hints PR to reflect WG discussions.
  by Adam Langley
https://github.com/w3c/webauthn/commit/cd4bded4fdbb6d094a2d698dc4b2b5221ef221b3

* Assert that be:0+bs:1 is bad during create()
  by Matthew Miller
https://github.com/w3c/webauthn/commit/615e8e6f71989075ebc79b6ed4ba3f8d8e10d3f1

* Assert be:1->be:0 or be:0+bs:1 are bad from get()
  by Matthew Miller
https://github.com/w3c/webauthn/commit/72ef9bb536790529e304ad64370820ffa6c6e703

* Require `be` not to change after .get()
  by Matthew Miller
https://github.com/w3c/webauthn/commit/d8b42fe6f9dd5a9f0bc78ca5c21ccf9181241a17

* Merge branch 'main' into issue-1848-challenge-timeout
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c36459fd16974023713443b7827a196daa1e6f34

* Disambiguate [=Window=] links as {{Window}}
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7b1099fda3c8e019ae53994b8da28877bc50c8e2

* Make consistent the check for be:0,bs:1 during reg
  by Matthew Miller
https://github.com/w3c/webauthn/commit/8a04cf78bf75df098d93b0c06a888f81de861506

* Enforce rejection of be:0,bs:1 during auth
  by Matthew Miller
https://github.com/w3c/webauthn/commit/3e0395f5d5cdb6cac5b814ef9492be2f803f8897

* Explicitly require userHandle to be supplied during assertion ceremonies with empty allowCredentials list and enhance description and uses of userHandle
  by Shane Weeden
https://github.com/w3c/webauthn/commit/0553e3176de123fec7fb66b17c56867d97faf5cb

* Accept suggested from @emlun

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/ce3e33e959a3b349222cd6a8645d68eb0b20282b

* Accept suggested from @emlun

remove whitespace

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/39c1354f618cc40a9f8eb0845083b16fa28fee25

* Acc

remove whitespace

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/836dfb54fe443fab038a81cf9a54913fc4c3de77

* Accept suggested from @emlun

Remove whitespace

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/a165fabf8955c3d14e086f9329e4c475763a5acf

* Merge branch 'w3c:main' into master
  by Ki-Eun Shin
https://github.com/w3c/webauthn/commit/0252205b95ab130af3a235bdf37499eeda3f49bc

* Clarify that the platform authenticator must be local.

Since hybrid allows remote platform authenticators to be used, the
previous wording was potentially ambiguous.
  by Adam Langley
https://github.com/w3c/webauthn/commit/c5064efd6780bafc35597abdba082d625408de6f

* Remove redundant step
  by Matthew Miller
https://github.com/w3c/webauthn/commit/4514f5fcefa2c8d8e23fbd8e8b1cbc3990ce959d

* "client device" -> "local device"

I missed, when looking that the spec has a definition for "client
device" already. Based on discussions in the WG, we want to use the
already-defined term rather than invent a new alias.
  by Adam Langley
https://github.com/w3c/webauthn/commit/5e60df6e2821e5521e1ae4d9bdf238e56214f56e

* Add missing fields in dictionaries for JSON representation
  by Kieun
https://github.com/w3c/webauthn/commit/0f99bad4940e0d054351f7a87f8a8b5d3ff04b68

* Add security consideration section "Validating the origin of a credential"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/91357673ef2c41cefb12241dc105babb034df28f

* Update Authenticator definition
  by Nick Steele
https://github.com/w3c/webauthn/commit/1047330cfa49398966ee91e437a74b4492d96270

* Explain why RP origin validation helps even with scoping rules
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5ecbf2876fa7f327338d71e05e3ff115334ec327

* Emphasize user.name as primary identifier
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ec9dd1b96bdaefc618fdd6e2ed5cc33fdc9c6183

* Define intended use case for displayName
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a87aa308a3a7e44c8ac9e9fec1de3fd15a2c0aa7

* update with feedback
  by Nick Steele
https://github.com/w3c/webauthn/commit/aff97c2f20ee244e436a1de7df2aea90226b0a3f

* Clarify that displayName can be the same as name
  by Matthew Miller
https://github.com/w3c/webauthn/commit/f09e3d8cea148765c5d634b283e9cc81f583ee6e

* Trim line length
  by Matthew Miller
https://github.com/w3c/webauthn/commit/c24ac18d5ecc27e3a8e3350b7c391ba5c60cab66

* Fix line length for `name`
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ea2241817ecd2e43d11c368d4afe3136e855e0a1

* Tweak `displayName` based on feedback
  by Matthew Miller
https://github.com/w3c/webauthn/commit/074be7fa540c50a2e5b2bad117f8aef1ee3297db

* Merge pull request #1907 from w3c/1791-enforce-be-bs-flag-states

Define RP processing of be and bs flags during `.create()` and `.get()`
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6b68667f163e36d8546b37832b77b8945f97a4b2

* Merge pull request #1911 from w3c/issue-1910-disambiguate-window-link

Disambiguate [=Window=] links as {{Window}}
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/409421b7be1435ebeca72b7d5147b74655a8deb2

* Try to tweak wording to emphasize name
  by Matthew Miller
https://github.com/w3c/webauthn/commit/03937f40adebdd2970c99edc1fd4bf844ecd0b46

* Apply emlun's suggestion.

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/eaa92273c6e1f3b873a8d265c4c18502f5cfce23

* Merge pull request #1931 from w3c/nsteele-authntctr-def-1743

Update Authenticator Definition
  by Nick Steele
https://github.com/w3c/webauthn/commit/84ef4ac95962af8e6f7e1ef2220d08e9f9dc5db7

* Merge pull request #1930 from w3c/issue-1889-clarify-origin-matching

Add security consideration section "Validating the origin of a credential"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0a59b6233cf242497de50f14ef349eae40869f2b

* Merge pull request #1920 from Kieun/kieun-1918

Add missing fields in dictionaries for JSON representation
  by Adam Langley
https://github.com/w3c/webauthn/commit/98214b0f0b3abf056fd4880558e7b9f17773661a

* Merge pull request #1914 from sbweeden/sbweeden_1892_and_1909

Address description of uses, and requirements for supplying userHandle
  by Nick Steele
https://github.com/w3c/webauthn/commit/bd68fbf48628349b1c63f6410337045228d79a65

* Delete outdated note about checking registration UV with PRF extension
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7b877b61af9c68415dd630d6da59a90e29927f99

* Fix inconsistent usage of options variable
  by Kieun
https://github.com/w3c/webauthn/commit/4800133de6cf06cb926106f35203fe5beb651598

* Suggest empty string for displayName when needed
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6b9a84020ce47408c3c85cc382b04eb000d9a67b

* Streamline user.name definition and add examples
  by Matthew Miller
https://github.com/w3c/webauthn/commit/7068cfa7dc9e83e846ada183517e0e1e9c2d2679

* Merge branch 'main' into hints
  by Adam Langley
https://github.com/w3c/webauthn/commit/424e917fdb2175cb6501a19324061633c7084afe

* Merge pull request #1884 from w3c/hints

Add a `hints` element for both `create` and `get`.
  by Adam Langley
https://github.com/w3c/webauthn/commit/410d0f7ccf601c1e6eb8ab87d18e260ac430daff

* initial text for compound attestation format
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/11429cae438320986d5160ccb56cdc0fd8f45437

* rogue text change
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/ae0786dc96b5fa140a108e1a7af47a03584f6f37

* Remove outdated spec reference anchors
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f6bbe7727be0c64a4ad632f72bffdec789b891ad

* Link to our implementation of [[Store]], as described
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a2cec5bb9676bf185d95d441b43d4b8406fb0339

* Reference Credential/[[Store]] in our implementation of it
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/125c495dfcb109abf35432a9c7a3c686de447ff6

* Pluralize implementations
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/235ab6e3714d840e2fcc9cac65e93c78e6e83ac4

* add validation failure text
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/3f576ed2d3f856e20af4714023cd47e1835563f8

* Singularize "implementation of each of [methods]"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3325e6165f3d7cfc40507582e57138c073266b9

* Tweak examples based on feedback
  by Matthew Miller
https://github.com/w3c/webauthn/commit/aefe8f2d4ae2fe9020063618019742efe40c630f

* Merge pull request #1955 from w3c/issue-1794-broken-refs

Fix broken spec references
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/40be3dbfbfefc151a6ffb59d8ef902a324028585

* Remove `devicePubKey` extension.
  by Adam Langley
https://github.com/w3c/webauthn/commit/04dd9e842540167d86791775972389e5f3022389

* Add `supplementalPubKeys` extension.

This extension is very similar the previous `devicePubKeys` extension.
The difference is that `supplementalPubKey` allows for one _or two_
supplemental keys, and while supplemental keys can be device bound, they
can also have "provider" scope, which is defined by their attestation
statement.
  by Adam Langley
https://github.com/w3c/webauthn/commit/b7c3b0ee62d92a2c776a55fe011b2320058fc5df

* Reference CTAP 2.1 Proposed Standard
  by Michael Jones
https://github.com/w3c/webauthn/commit/efe2c283862dcce0503e2e1d28859453ea4bd763

* Merge pull request #1961 from selfissued/mbj-reference-ctap2.1

Reference CTAP 2.1 Proposed Standard
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/ce19de7474a8b85a083b6efe1b94e14fa692b1be

* Merge pull request #1944 from w3c/prf-always-uv

Delete outdated note about checking registration UV with PRF extension
  by Nick Steele
https://github.com/w3c/webauthn/commit/db2629522c1083227cb227a6f0b78a6b47e71091

* Merge pull request #1932 from w3c/1852-emphasize-user-name

Clarify distinction between PublicKeyCredentialUserEntity name and displayName
  by Matthew Miller
https://github.com/w3c/webauthn/commit/58d60d0eee4418531db98973bca5e6382c62de09

* any attestation type in spec
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/21ae2d18bfcef93b1d26fcce0e63218a4ad26345

* add must have two or more
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/9bd2a6b6f9044178946259cd24c73ed210af728d

* rouge word
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/36951f6e291a602cda9b826a077094026b1b4ac2

* Swap out union type for object w/comment
  by Matthew Miller
https://github.com/w3c/webauthn/commit/8af03856e29d68ecd93d75bca9a1c003789a1a5c

* update and link to working AAGUID definition
  by Nick Steele
https://github.com/w3c/webauthn/commit/c7de61bc0b23270553dcf8ae8a31a280f4216e1c

* Merge pull request #1948 from Kieun/kieun-1947

Fix inconsistent usage of options variable
  by Adam Langley
https://github.com/w3c/webauthn/commit/baf774ade7f70efe4fb2a361e50d618e1f956ff1

* address Mike's comment about IANA reference
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/ed80f71d6b7d09aba41e05dcb8a6e1698a69e569

* add for
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/b5a7fcd87b2c8f6c0b6281463ea321e86c7aa86b

* Remove the requirement that SPK be used only with backup eligible credentials.

(Based on the WG discussion of 2023-09-20.)
  by Adam Langley
https://github.com/w3c/webauthn/commit/f5ea861fdc41f9bf2ee2238d46acd9247b12efc3

* Highlight that filtering all pubKeyCredParams is an error.

While this is specified in the [algorithm steps][REF], it's arguably
subtle and surprising and thus worth calling out.

[REF]: https://w3c.github.io/webauthn/#ref-for-dom-publickeycredentialdescriptor-type%E2%91%A0
  by Adam Langley
https://github.com/w3c/webauthn/commit/254d007aabe8817341ea66c1576aae67e504944d

* Add myself to the contributors
  by Kieun
https://github.com/w3c/webauthn/commit/3d2a5931775ea76c97adb60682457e2914741569

* When installing the newest version of bikeshed, the spec does not compile. This commit fixes it.
  by Pascoe
https://github.com/w3c/webauthn/commit/4207bdd7a2eebbb1e0180e5b5de2a111a6dbc25e

* Merge pull request #1975 from pascoej/fix-bikeshed-compile

Fix the bikeshed build
  by Pascoe
https://github.com/w3c/webauthn/commit/3350ac74c9fde6b2b3f1ab5c9494c48c4266bf91

* Merge pull request #1973 from Kieun/add-myself-as-contributor

Add myself to the contributors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/77654c941d0f10ea8ee8ab978261c4b2f05fc97f

* Update capitalisation as requested.
  by Adam Langley
https://github.com/w3c/webauthn/commit/0b011e6c677ba2bb9f260ddba517df1724fbcab1

* Remove [SameObject] attribute from PublicKeyCredential.authenticatorAttachment
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b4b13904c5524dfd057afe1fe4a4e1a98a696428

* Update GitHub Actions workflow

- Update the Ubuntu image to its latest LTS release.
- Update the `actions/checkout` action to its latest stable release.
  by Mohammed Keyvanzadeh
https://github.com/w3c/webauthn/commit/468e8540bc7b988a4e50dc43dad3c33c8d3a04e7

* Retain autolinks to aaguid field of attested credential data
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/39f4984f9fe7f5bf2165f568071698df9a8a59b6

* Fix [=[RP]=] autolink
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d36a4ddc987777eb6fe2eec43d9a88af1291db62

* Merge pull request #1971 from w3c/emptyallowlist

Highlight that filtering all pubKeyCredParams is an error.
  by Adam Langley
https://github.com/w3c/webauthn/commit/f1475bd96604ca6d41cd7ab5f475b2005486bbed

* Resolve Tim's Nit
  by Nick Steele
https://github.com/w3c/webauthn/commit/2b9670ca96f9d0336d65ffbddbab6375091cd115

* attestation types support to any

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/175ee6180520e5075e6c9f8aea3c024d08dd82bd

* Tweaks for bikeshed
  by plehegar
https://github.com/w3c/webauthn/commit/4b49caa8334a206790442d1de726f86fd849d4b5

* Merge pull request #1981 from w3c/issue-1977-sameobject

Remove [SameObject] attribute from PublicKeyCredential.authenticatorAttachment
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/50d8b655c192ebe1ca4074ea58fff25008410ead

* Update wording for verification
  by Nick Steele
https://github.com/w3c/webauthn/commit/89bee48c39b50b5ca775fed5d5f5223ab0118044

* Merge pull request #1969 from w3c/mm-1958-fix-publickeycredentialjson-webidl

Fix broken PublicKeyCredentialJSON WebIDL definition
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a824429227336d8ce7d13cb12510731e2d514792

* Update CDDL to be more explicit

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/108db9919ddd92a7856d7d85ec34ca5f3edd873d

* Merge pull request #1983 from VoltrexKeyva/update-workflow

Update GitHub Actions workflow
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/b59b425aa95abc7aa9215c82fd1b8873f0d50098

* Merge branch 'update-aaguid-def' into update-aaguid-def-retain-authdata-def
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4fd5ec1c10ab20b4d0abacdbe0457103e80e5575

* Merge pull request #1985 from w3c/update-aaguid-def-retain-authdata-def

[meta-PR] Retain both aaguid definitions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/383b03661b8cb4ee3790b0c59d9ab334de9d344f

* Add more complete logic for individual attestation verification via Emil

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/e0a4f31b2a56b841f1511dbb1d7c125c8aa2030f

* Merge pull request #1950 from w3c/tc-att-compound

Add `compound` attestation format
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/d9bdee4d96a2d225907aee25190a965843e5b14d

* Merge pull request #1970 from w3c/update-aaguid-def

update and link to working AAGUID definition
  by Nick Steele
https://github.com/w3c/webauthn/commit/14eca3a56b1a62e7d334e6d287ede3d19b1bf0f9

* Merge pull request #1880 from w3c/credProps-displayNames

Add authenticatorDisplayName to credProps
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/28d90b20ab307cde506d193ddb466e340804019f

* Initial effort to allow credProps use during auth
  by Matthew Miller
https://github.com/w3c/webauthn/commit/76e88e1d80947284a422894fe81d686f478ed67b

* Don't define a [[preventSilentAccess]] internal method

Fixes issue #1956.
https://github.com/w3c/webauthn/issues/1956
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2803185b119e629012f5bff58fc3f60f8a7cce4b

* Incorporate PR feedback
  by Matthew Miller
https://github.com/w3c/webauthn/commit/bd5ff7a18da497adaa2467411991200f36a3e4c3

* Restore rk instructions into client processing
  by Matthew Miller
https://github.com/w3c/webauthn/commit/5025ea2e0445f5023030929382ee9b18491b74df

* Change "will" to "will likely".

(Addressing Tim's comment.)
  by Adam Langley
https://github.com/w3c/webauthn/commit/24dd8e97fd19ce256f5e03658608d4a6491081c9

* Add note about typical autocomplete combos
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ea6e598899bcba6da6cf7df585cf8ec630c65acb

* Try to generate valid HTML
  by Matthew Miller
https://github.com/w3c/webauthn/commit/f120690a4a3a98240ae930c341099d9cdb0ec1cc

* Align credProps output reference with other extensions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1d2d52152a46b0d3e2f9fb7bbf9558a5858b84a0

* Add credProps client processing step to set authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2472df637429f96be24dcb361df087c1cbaa50bb

* Apply emlun's changes from code review

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Adam Langley
https://github.com/w3c/webauthn/commit/462113c4892dc9f80fbb67c453be11f6940061bc

* Say "PubKeys" not "PublicKeys"

The extension name uses "PubKeys" but some of the structures said
"PublicKeys". Be consistent.
  by Adam Langley
https://github.com/w3c/webauthn/commit/d39e8b5e276eed21e710e98db3c035ef8fde7c3e

* Merge pull request #1995 from emlun/add-credprops-to-make

Add credProps client processing step to set authenticatorDisplayName
  by Matthew Miller
https://github.com/w3c/webauthn/commit/22aa6ff6458bc7c57767e2a5909e511ec07dd5ec

* Incorporate PR feedback
  by Matthew Miller
https://github.com/w3c/webauthn/commit/5c7ca4d9ae384ed6c0b8f61cf9c0ae11c2a59153

* Address more of emlun's comments.
  by Adam Langley
https://github.com/w3c/webauthn/commit/72b78b5a40922a69b51ed38d5ed0e2cffe9c5ba5

* authHash -> authData typo fix.
  by Adam Langley
https://github.com/w3c/webauthn/commit/cf3ca3a479e939011dc2e5f18b69d34a5a61852f

* Enable linking to non-autofill credential type
  by Matthew Miller
https://github.com/w3c/webauthn/commit/228a1f8a9227988c0812628803dfabfd8b0feb3d

* Update other instances of the SPK attestation prefix.
  by Adam Langley
https://github.com/w3c/webauthn/commit/9cf1634c5ee5bad49c892c044cd008a5ee2096d6

* Merge pull request #1855 from w3c/issue-1848-challenge-timeout

Recommend duration of challenge validity
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d4510f85116130c2bb2f2e9f6bd21819db111c51

* Explicitly mention that these are examples
  by Matthew Miller
https://github.com/w3c/webauthn/commit/139405f7388e37f6af60cf2a2d05ef4203aeb0bb

* Merge pull request #1986 from w3c/bikeshed-tweaks-2

Tweaks for bikeshed
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a8bf3f5ae9543551799eb6f84105cff7b9a8dc47

* Merge branch 'main' into spk
  by Adam Langley
https://github.com/w3c/webauthn/commit/b2cba32669951cd5420efb0f7579b375861b9fbf

* Fix bikeshed warnings post-merge
  by Adam Langley
https://github.com/w3c/webauthn/commit/e168d78ff4e15937c79cc9af7d749dadd329cce3

* Merge pull request #1957 from w3c/spk

devicePubKey → supplementalPubKeys
  by Adam Langley
https://github.com/w3c/webauthn/commit/f8163ea38ba03fb2352b5d6730bac6db1225b30a

* Clarify validation step for packed attestation certificate for RPs. Addresses #1998
  by Shane Weeden
https://github.com/w3c/webauthn/commit/d13f46a06ba267d9633e5f86132de8e7818faa1c

* Fix incorrect reference in Add Virtual Authenticator
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a6ee5a0c0a4aacb604b43d14c17613ad25a295dc

* Fix references to credential private key that should be credential source

See issue #2002: https://github.com/w3c/webauthn/issues/2002
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c2ec717da26c7021b64d5e52bc8dfd27ec257907

* Say residentKey and requireResidentKey, not residentKey or requireResidentKey
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/dbf6ca23d8cf8c3399a2ddde86d1222c0ceca023

* Update index.bs

agreed

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/73eb670800e7129a8a15b3d1255baa8f7d7b1173

* Merge pull request #2000 from sbweeden/sweeden_1998

Clarify validation step for packed attestation certificate for RPs.
  by Shane Weeden
https://github.com/w3c/webauthn/commit/065b83648d83c2b4caba83c91051f124b2b63dfa

* Merge pull request #1992 from w3c/mm/conditional-ui-autofill-token-order

Add note about typical autocomplete combos for conditional UI
  by Nick Steele
https://github.com/w3c/webauthn/commit/2c63082453188ff91cd49101ef4998330d010db5

* Merge pull request #1988 from w3c/add-credprops-to-make

Allow use of credProps extension during auth
  by Nick Steele
https://github.com/w3c/webauthn/commit/84feb409dc9bb19675dffd93ecba411682bed31e

* Reference CTAP 2.1 errata spec
  by Michael Jones
https://github.com/w3c/webauthn/commit/def2363192f03f073c9c7d07127ea97b348e002b

* Disambiguate "this value" in authenticatorDisplayName description

See this review comment which still remains unaddressed:
https://github.com/w3c/webauthn/pull/1880#discussion_r1323097728
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c034bd9624cbe2cfea49079c8c61d32747a58a7c

* Update index.bs

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/586642dde2252202e03e9b79ed36a537719e8b56

* Merge pull request #2005 from w3c/pr-1880-credProps-authenticatorDisplayName-disambiguate

Disambiguate "this value" in authenticatorDisplayName description
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/db0b65998dde9cde0b7ddde13a80399fe22ff95f

* Merge pull request #2003 from w3c/issue-2002-non-resident-storage

Fix references to credential private key that should be credential source
  by Adam Langley
https://github.com/w3c/webauthn/commit/26da246372d211f454c11c40f668c3dc52fe896c

* Merge pull request #2001 from w3c/fix-add-virtual-authenticator-typo

Fix incorrect reference in Add Virtual Authenticator
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/27458023863db06c975317d492b759a625124515

* Add backup flags to virtual authenticator (#1999)

* Add backup flags to virtual authenticator

Allow setting and changing the backup eligibility (BE) and backup state
(BS) flags through the virtual authenticator API.

Fixed: #1987 

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Nina Satragno
https://github.com/w3c/webauthn/commit/cf353630e40d0ed7e23449d6c0077da89c4738ab

* Merge pull request #1991 from w3c/issue-1956-prevent-silent-access

Don't define a [[preventSilentAccess]] internal method
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c639dd57bef843f73b9ed2ece019c2bb2ab0d2eb

* Merge pull request #2004 from selfissued/mbj-ctap2.1-errata

Reference CTAP 2.1 errata spec
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/a83c7648d81771eb8dac49fc81a1cf67911c6443

* Merge branch 'main' into tc-clientfeatmethod

# Conflicts:
# index.bs
  by Matthew Miller
https://github.com/w3c/webauthn/commit/75b9061cf2c9e58fc2d3cfa703cdf55de855be1a

* Replace "maplike" with "record"
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a3fd6fda1167d563a8d64c5e5a52525cc1954629

* Switch to camelCase for capability names
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a856b6da966cbce9029a54ad6344237fe862c803



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 3 January 2024 23:10:55 UTC