- From: Emil Lundberg <noreply@github.com>
- Date: Wed, 27 Nov 2024 03:44:29 -0800
- To: public-webauthn@w3.org
Branch: refs/heads/issue-2210-compound-attStmtTemplate

Home: https://github.com/w3c/webauthn

Commit: 804cece99aa047cc2c84af0d484e1a357cd88050
https://github.com/w3c/webauthn/commit/804cece99aa047cc2c84af0d484e1a357cd88050

Author: Emil Lundberg <emil@yubico.com>

Date: 2024-11-27 (Wed, 27 Nov 2024)

Changed paths: M index.bs

Log Message:

-----------

Fix reference to $$attStmtType in definition of attestation statement formats

Commit: e6a998eb823871d7f6f7d51ebd0bfe4b8cdc68d2
https://github.com/w3c/webauthn/commit/e6a998eb823871d7f6f7d51ebd0bfe4b8cdc68d2

Author: Emil Lundberg <emil@yubico.com>

Date: 2024-11-27 (Wed, 27 Nov 2024)

Changed paths: M index.bs

Log Message:

-----------

Formalize attStmtTemplate as more correct CDDL

I don't think the expression `attStmtTemplate .within $$attStmtType` successfully encodes the intent "Every attestation statement format must have the above fields", for two reasons: it does not define a CDDL rule since it contains no = sign, and even if it did, the `.within` control operator would apply only to the new type defined by that rule, but not to the `attObj` type. CDDL generally makes a distinction between types and groups, and only mentions control operators applying to types, so I don't think we can apply `.within` to `$$attStmtType` directly. This is why we need to duplicate the `authData` field in `attStmtTemplate`.

Commit: 9b161676e556d1f855d4bfc3b9819bf32e2227fd
https://github.com/w3c/webauthn/commit/9b161676e556d1f855d4bfc3b9819bf32e2227fd

Author: Emil Lundberg <emil@yubico.com>

Date: 2024-11-27 (Wed, 27 Nov 2024)

Changed paths: M index.bs

Log Message:

-----------

Allow attStmt to be of array type

This is required by the new "compound" attestation statement format.

Commit: 8b29bec5a3db3f803478403a7ec41c80bec0d28e
https://github.com/w3c/webauthn/commit/8b29bec5a3db3f803478403a7ec41c80bec0d28e

Author: Emil Lundberg <emil@yubico.com>

Date: 2024-11-27 (Wed, 27 Nov 2024)

Changed paths: M index.bs

Log Message:

-----------

Fix .within operator in nonCompountAttStmt

[CDDL][1] defines that:

>A map matches a specification given as a group when the group matches
>a sequence of name/value pairs such that all of these name/value
>pairs are present in the map and the map has no name/value pair that
>is not covered by the group.

Therefore the control `.within { fmt: text .ne "compound" }` forbids any maps that contain additional fields besides `fmt`, which is clearly not what was intended.

[1]: https://datatracker.ietf.org/doc/html/rfc8610#section-2.1

Compare: https://github.com/w3c/webauthn/compare/804cece99aa0%5E...8b29bec5a3db
Received on Wednesday, 27 November 2024 11:44:33 UTC
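
The closed-map rule quoted in the last commit message can be seen in a small model. This is an added example, not code from the email, the commits or the WebAuthn specification: `match_group`, `text_ne`, `WILDCARD` and the sample maps are hypothetical names and constructed data, and the open variant only models a group with a catch-all entry, which is an assumption and not necessarily the change the commit made.

```python
# Added illustration: simplified model of RFC 8610 section 2.1 map matching.
# It is not a CDDL parser; names below are hypothetical.
WILDCARD = object()  # models a catch-all entry such as `* any => any`


def text_ne(forbidden):
    """Model of `text .ne "<forbidden>"`."""
    return lambda v: isinstance(v, str) and v != forbidden


def match_group(candidate, group):
    """Match map `candidate` against `group`; return (ok, problems).

    `group` maps member names to predicates. Without WILDCARD the group is
    closed: any pair in the map that no entry covers is a mismatch.
    """
    named = {k: p for k, p in group.items() if k is not WILDCARD}
    problems = []
    for name, pred in named.items():
        if name not in candidate:
            problems.append(f"missing {name}")
        elif not pred(candidate[name]):
            problems.append(f"bad value for {name}")
    if WILDCARD not in group:
        problems += [f"uncovered {n}" for n in candidate if n not in named]
    return (not problems, problems)


# The control from the commit message, and an open variant (assumption).
CLOSED = {"fmt": text_ne("compound")}
OPEN = {"fmt": text_ne("compound"), WILDCARD: lambda v: True}

# Constructed sample maps shaped like attestation objects (dummy values).
PACKED = {"fmt": "packed", "attStmt": {"alg": -7, "sig": b"\x00"}, "authData": b"\x01"}
COMPOUND = {"fmt": "compound", "attStmt": [], "authData": b"\x01"}

if __name__ == "__main__":
    for label, group in (("closed", CLOSED), ("open", OPEN)):
        for sample in (PACKED, COMPOUND):
            print(label, sample["fmt"], match_group(sample, group))
```
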