- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 13 Nov 2024 12:36:49 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by emlun to https://github.com/w3c/webauthn: * Mark Android SafetyNet attestation as deprecated. Google have [announced](https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline) the deprecation of SafetyNet in general, and [specifically for](https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html) WebAuthn. This change adds a note in the SafetyNet section that it may be removed in a future revision of the spec. by Adam Langley https://github.com/w3c/webauthn/commit/bcd428d84e3f0094fc75a77aa45985bd4e0ff9f9 * Deprecate rp.name by Emil Lundberg https://github.com/w3c/webauthn/commit/2e2e3c6dc421a89a6801233f724cbd33bc4f0ef5 * Fix CredentialRequestOptions hyperlink by philomathic_life https://github.com/w3c/webauthn/commit/ae49b8200c5fadbbf60be748afee0f96813353d2 * Add aliased link texts for "human palatability" by Emil Lundberg https://github.com/w3c/webauthn/commit/e2ab213df8a99fc976cea08dbde42bfcf6851f3c * Add [credential record/authenticatorDisplayName] handling to RP operations by Emil Lundberg https://github.com/w3c/webauthn/commit/8b137245bcf3667fd2909063eda0411eced38a5c * Fix Unicode example syntax by Emil Lundberg https://github.com/w3c/webauthn/commit/434a77fb9578bc2c5d70a31c60b6588343063e28 * Validate CollectedClientData.crossOrigin in RP ops by Emil Lundberg https://github.com/w3c/webauthn/commit/561144ed0cf95123e66dcf68703db4a3084cd6d3 * Don't return an algorithm from [[DiscoverFromExternalSource]] This initialization of |settings| and |global| is copied from the equivalent steps of [§2.5.4. Create a Credential][1] in CredMan, which sets the arguments used to invoke the |constructCredentialAlg| in WebAuthn's [[Create]]: >Let |settings| be the [current settings object][2]. > >Assert: |settings| is a [secure context][3]. > >Let |global| be |settings|’ [global object][4]. [1]: https://w3c.github.io/webappsec-credential-management/#algorithm-create [2]: https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object [3]: https://html.spec.whatwg.org/multipage/webappapis.html#secure-context [4]: https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global by Emil Lundberg https://github.com/w3c/webauthn/commit/bdcb938b242ff8b7a9ec74f1afdfcc54a14cc3c1 * Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts by Emil Lundberg https://github.com/w3c/webauthn/commit/9e0fe6ae6f8484007d8df50fe45f6b26d88a205f * Acknowledge Zack Newman for reviews and contributions by Emil Lundberg https://github.com/w3c/webauthn/commit/3b5a8d1e253f0eff76f26ee5d20d472d1c710520 * Add test vectors for PRF extension by Emil Lundberg https://github.com/w3c/webauthn/commit/37dacdae7de4a08b08b99a10843c37fb7babb418 * Apply review suggestion Co-authored-by: Adam Langley <agl@google.com> by Emil Lundberg https://github.com/w3c/webauthn/commit/fe68eaec8f4402d98c329deb737a8766d90035b9 * Add userName and userDisplayName to webdriver This PR adds the userName and userDisplayName properties to the webdriver's credential parameters. These properties are useful to test the new signalCurrentUserDetails method, both on WPTs and for web developers. Closes #2143 by Nina Satragno https://github.com/w3c/webauthn/commit/96ed2bd5dbbc6aa66e9ea7b9adf3a8c66ec260e0 * Merge pull request #2173 from w3c/issue-2170-ack-zacknewman Acknowledge Zack Newman for reviews and contributions by Emil Lundberg https://github.com/w3c/webauthn/commit/333861889d0840806d6db2ea334d154dc19bc59a * Merge pull request #2171 from w3c/ack-simoneonofri-plehegar Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts by Emil Lundberg https://github.com/w3c/webauthn/commit/8da6300be11ed30d362b01fcc670f87bea57dac7 * Merge pull request #2161 from zacknewman/CredentialRequestOptions-hyperlink Fix CredentialRequestOptions hyperlink by Emil Lundberg https://github.com/w3c/webauthn/commit/bd799352b8efc8af773868010eba926b414770bb * Merge pull request #2155 from w3c/safetynetdeprecate Mark Android SafetyNet attestation as deprecated. by Emil Lundberg https://github.com/w3c/webauthn/commit/5831a2c9b2cc7765a24309f14db027a6f1bffa65 * Use <xmp> instead of <pre>, fixing CDDL highlighting Using <pre> causes some single quotes in the CDDL examples to be converted into "’" (U+2019) instead of "'" (U+0027), which is incorrect CDDL and also breaks the CDDL syntax highlighting. See the [Bikeshed documentation][1] for more on using `<xmp>`. [1]: https://speced.github.io/bikeshed/#xmp by Emil Lundberg https://github.com/w3c/webauthn/commit/ebfe871f78f5d5be6cefecabf5a723b119dacae2 * Consistently use <xmp> instead of <pre> for code examples Using `<pre>` sometimes causes some characters to be converted into others. This is especially apparent in CDDL examples, where for example the first single quote in `foo = h'001122'` gets converted into "’" (U+2019) instead of "'" (U+0027), which is incorrect and also breaks CDDL syntax highlighting. See the [Bikeshed documentation][1] for more on using `<xmp>`. [1]: https://speced.github.io/bikeshed/#xmp by Emil Lundberg https://github.com/w3c/webauthn/commit/41c514f6e1db4b4aaba77c3145990f0f99c5bd7b * Fix syntax highlighting tags by Emil Lundberg https://github.com/w3c/webauthn/commit/ef54852bf773d82174798bfff3e87469380db325 * Use 0x0a instead of 0x10 as 11th test vector PRNG index by Emil Lundberg https://github.com/w3c/webauthn/commit/c2395cbbb6351654ef1a2d40ceba252ca73d4683 * Fix order of middle bytes in Uint32Array example by Emil Lundberg https://github.com/w3c/webauthn/commit/b953fed1340f3c97096444960c6107c07cebb442 * Escape single quote in CDDL-style byte string literal in <code> by Emil Lundberg https://github.com/w3c/webauthn/commit/a23151753ccc9857a00831250b196828c84907e3 * Address #2172 by Shane Weeden https://github.com/w3c/webauthn/commit/85717cce29586ec9fec3bf75bbb00da8ee39e4c6 * Merge pull request #2159 from w3c/issue-2121-rp-name Deprecate rp.name by Shane Weeden https://github.com/w3c/webauthn/commit/1e2256dae3c7f0dedc2f87ff66494c6b3f274518 * Fix create-to-get copy-paste error by Emil Lundberg https://github.com/w3c/webauthn/commit/aa8728aa5504769fce9c0fe765a8815f0a77e24b * Move <dfn> of [[Create]] to heading like [[DiscoverFromExternalSource]] by Emil Lundberg https://github.com/w3c/webauthn/commit/70fb37a378e50943f1652195d7420452f061807c * Extract macros for referring to [[Create]] and [[DiscoverFromExternalSource]] This also fixes some inconsistencies in parameter lists between references to these methods. by Emil Lundberg https://github.com/w3c/webauthn/commit/6744192e08e90fd90f2636e0ad076d19daf8e132 * Merge pull request #2165 from w3c/issue-1641-unicode-syntax Fix Unicode example syntax by Emil Lundberg https://github.com/w3c/webauthn/commit/386ad79021e52c2ef660009e54b13e5f1ba91625 * Drop definition "User Credential" unused since 2ec45f8b34638b0c62bb4208507bc4a76cd0ef4f by Emil Lundberg https://github.com/w3c/webauthn/commit/5887b9f253fcc738db8a5c66818bb3ad954bc84f * Fix typo in reference to variable |effectiveDomain| Fixes this Bikeshed lint: ``` LINE ~3100: The var 'effective domain' (in global scope) is only used once. If this is not a typo, please add an ignore='' attribute to the <var>. ``` by Emil Lundberg https://github.com/w3c/webauthn/commit/1fcb7aad5898035244ecc26a96da3074e8d6a516 * Add warning about sending PRF outputs to server by Emil Lundberg https://github.com/w3c/webauthn/commit/8c6827e6b9dd1dc602b0bb2aad40fab95c75118f * Remove apparent reference to non-existent [[Get]] internal method by Emil Lundberg https://github.com/w3c/webauthn/commit/39da7b119eabee3b75529586712f28be22cf51de * Change "Method" to "Internal Method" in headings where appropriate by Emil Lundberg https://github.com/w3c/webauthn/commit/c258674eceafbb05545f596cb37b3703b3fbc931 * Simplify reference to default [[CollectFromCredentialStore]] by Emil Lundberg https://github.com/w3c/webauthn/commit/8d76185ae7b8c0a3069872fbd1f8d3789b5bfb94 * Add reference to #sctn-discover-from-external-source from discussion of get() internals by Emil Lundberg https://github.com/w3c/webauthn/commit/068d7f56764c6a48d7de74f7fcf99267a2b726b1 * Merge pull request #2180 from w3c/issue-2169-no-credman-get Remove apparent reference to non-existent [[Get]] internal method by Michael B. Jones https://github.com/w3c/webauthn/commit/9942c9cefccb1d5006bb104a61b22e8faae4423b * Merge pull request #2179 from w3c/internal-method-macros Extract macros for referring to [[Create]] and [[DiscoverFromExternalSource]] by Michael B. Jones https://github.com/w3c/webauthn/commit/b253c3b1e4ddfbb9575c8a9677d9126d8d13017d * Merge pull request #2175 from w3c/example-code-xmp Fix encoding and syntax highlighting of example code by Michael B. Jones https://github.com/w3c/webauthn/commit/cfa73332d4aeed226074903ae09508cb2b39177a * Merge pull request #2174 from w3c/issue-2088-prf-test-vectors Add test vectors for PRF extension by Nick Steele https://github.com/w3c/webauthn/commit/d9204428c6d92ec1a0712110939cdf8156bc1818 * Merge pull request #2168 from w3c/issue-1984-get-return-alg Don't return an algorithm from [[DiscoverFromExternalSource]] by Nick Steele https://github.com/w3c/webauthn/commit/9f20a4d3a7fa8163432627f7b909e5c6871211f0 * Merge pull request #2182 from w3c/lint-var-effective-domain Fix typo in reference to variable |effectiveDomain| by Michael B. Jones https://github.com/w3c/webauthn/commit/1fcb5c2cef539021f7ed9339753b886475feb69e * Merge pull request #2181 from w3c/lint-unused-def-user-credential Drop definition "User Credential" unused since PR #2109 by Michael B. Jones https://github.com/w3c/webauthn/commit/7e716a14c14eeecd3dd26b871eb713c194fc1e01 * Update index.bs accepting line breaks as elum suggested Co-authored-by: Emil Lundberg <emil@emlun.se> by Shane Weeden https://github.com/w3c/webauthn/commit/8c2cfdd4a7e6fec4eef91c31f2b0fc0ef972eef6 * Merge pull request #2176 from sbweeden/sweeden_2172 Non-incrementing signature counters could be due to race condition by Shane Weeden https://github.com/w3c/webauthn/commit/3154b78e210e6e498b8a34daa587f9159ca6ad2f * Merge branch 'main' into issue-2156-rp-ops-authenticatorDisplayName by Emil Lundberg https://github.com/w3c/webauthn/commit/43697f7e388b8d995b55dfde19a83a45c723a67c * Merge pull request #2163 from w3c/issue-2156-rp-ops-authenticatorDisplayName Add [credential record/authenticatorDisplayName] handling to RP operations by Emil Lundberg https://github.com/w3c/webauthn/commit/d6b0d2cedc94865c7ff6141417b628e7600e767f * Merge pull request #2166 from w3c/issue-2113-rp-ops-crossOrigin Validate CollectedClientData.crossOrigin in RP ops by Emil Lundberg https://github.com/w3c/webauthn/commit/3c506d45dc133046028f8dec18eb8ab77d6e1fbd * Merge pull request #2183 from w3c/issue-2178-prf-warning Add warning about sending PRF outputs to server by Emil Lundberg https://github.com/w3c/webauthn/commit/406ec42a3b8667405f4b9056efa49808c0f5aaac * Merge branch 'main' into issue-1711-ext-proc-before-sig-verify by Emil Lundberg https://github.com/w3c/webauthn/commit/34b98ecedf2b80ab7114ef80b2c662755977166c -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 13 November 2024 12:36:50 UTC