[webauthn] new commits pushed by timcappalli from Tim Cappalli via GitHub on 2025-01-15 (public-webauthn@w3.org from January 2025)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Jan 2025 17:24:38 +0000
To: public-webauthn@w3.org
Message-ID: <push-89f1be9c31a889df824f41ea650d127166b47ac6-1736961871-sysbot+gh@w3.org>
The following commits were just pushed by timcappalli to https://github.com/w3c/webauthn:

* Initial packed enterprise attestation requirements.
  by David Waite
https://github.com/w3c/webauthn/commit/bd15e8bdfad1becc7c7be606bcf83b4b09862791

* Clarify TPM attestation verification instructions
  by Shane Weeden
https://github.com/w3c/webauthn/commit/c92aec35494e1df431ee558d0b593ad6b2904dd1

* Remove non-enterprise sepcific firmware version

This is separately proposed for general packed attestation verification.
  by David Waite
https://github.com/w3c/webauthn/commit/6298db7ecdceb639e63037d5729edce86bfe049b

* abbreviate and link "RPs"

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by David Waite
https://github.com/w3c/webauthn/commit/d57cd65cd43cb686f52a0f225b62a26e51855904

* Merge remote-tracking branch 'origin/main' into enterprise-attestation-guidance
  by David Waite
https://github.com/w3c/webauthn/commit/1a7096a9411a389e0ce83b74e650877f38187961

* Merge branch 'main' into enterprise-attestation-guidance
  by David Waite
https://github.com/w3c/webauthn/commit/c86f2f870f453d75c5164a73c581ebe6491977bb

* Create a couple new sections in create() and get()
  by Matthew Miller
https://github.com/w3c/webauthn/commit/fb8d620575f7037a2655747ca074992ce16cb653

* Update per agl editorial comments
  by David Waite
https://github.com/w3c/webauthn/commit/c294f84caf7dad88149d26decf86fe3b85bb5777

* Lowercase enterprise attestation in text.

Enterprise attestation is used elsewhere without capitalization, and it
could be said to be a characteristic and not a format like Packed.

Change "provisioned at manufacturing" to "provided at manufacturing" to
clarify difference from MDM-provisioned attestations.
  by David Waite
https://github.com/w3c/webauthn/commit/9212bc492a2d5b303b93e7b107b26d81c835e0a5

* Document registration exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/08c5f8d647dc4915ab7a7090db293233d01ce1d7

* Document authentication exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/8256982b7d2fc5c0991ee0bb46a944d92e27d40b

* Merge branch 'main' into 1859-differentiate-errors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a915f42b950d6c66e69b2080daf440a6e435fde6

* Incorporate feedback
  by Matthew Miller
https://github.com/w3c/webauthn/commit/eca6907bf76cb14dd865b62a5f145f5536e38015

* Fix manual section IDs
  by Matthew Miller
https://github.com/w3c/webauthn/commit/386a718b26459a2155cd7a5000b4072e464521bf

* Tweak TypeError description
  by Matthew Miller
https://github.com/w3c/webauthn/commit/2f822916bb4b1d68e07b83e2c21fd01707ee5a1b

* Update link to our CredentialCreationOptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/88b24025fda4fb7758e11c779291baf1c185eb31

* Rename section titles
  by Matthew Miller
https://github.com/w3c/webauthn/commit/1d5a8d304a124877bc9d363f54e2ddd7dde6d614

* Clean up PR
  by Matthew Miller
https://github.com/w3c/webauthn/commit/2fb6c0273762c648d9533c3de5bb687e2113615b

* Mark sections non-normative
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6760c571dc51670d256ddbc37fd4ddf8dda8b8c0

* Tweak verbiage
  by Matthew Miller
https://github.com/w3c/webauthn/commit/4fdf453f5deb3407c34e580428c25c706ab27d7c

* Add text about possible external extension errors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6e880f35ce41cab3aeea1468accc5281370ed0fa

* Add TypeError for .get()
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6afa223fd4f661ece8e2eab469fb904a6082599f

* Merge branch 'main' into 1859-differentiate-errors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/d7f5be38733ec5025cfb652f294024389f4e9771

* Migrate mention of extension exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/ef4e7623ab8afd9bf770d3699aa819a47699bf42

* Merge branch 'main' into 1859-differentiate-errors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/21593715d8c21280f619e228bbc8eaf9fdd6c29b

* Move TypeErrors into separate sections
  by Matthew Miller
https://github.com/w3c/webauthn/commit/71995bbf7a50fb18a79a3d0a4dbcfad96b133198

* Change errors -> exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/d62aa752e137f9892f4923fc6af450c596f50826

* Figure out how to link to Exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/3331b218b0dd7ee22a889682d2e8ac81340be227

* Update index.bs

Add topOrigin to the limited verification algorithm.
  by philomathic_life
https://github.com/w3c/webauthn/commit/8d32e89b9ce1da93004c3bb1b24ea346a6093bbc

* Punt on summarizing extension exceptions
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6d0895e15fa676d04a68ffcab14a3fc683d8b3be

* Use simple exceptions instead
  by Matthew Miller
https://github.com/w3c/webauthn/commit/f15b18b1609d96956016fdefb7457eed944263cb

* Add SecurityError reasons for related origins
  by Matthew Miller
https://github.com/w3c/webauthn/commit/b95ca47ea95efd1569cdcf03159e2395e3faddc5

* Remove work from #2095
  by Matthew Miller
https://github.com/w3c/webauthn/commit/097113a96b137cd445ee59e04b02d153b5708666

* Tweak SecurityError for Related Origins
  by Matthew Miller
https://github.com/w3c/webauthn/commit/3e36885324a4153a5ce578487ea95a6b1f0f3b99

* Incorporate feedback from Emlun
  by Matthew Miller
https://github.com/w3c/webauthn/commit/36dc20c78b7f004884229df5fad06059742b5c06

* Remove superfluous webidl spec reference
  by Matthew Miller
https://github.com/w3c/webauthn/commit/fc5280160aa4f14c9f0f5821598159580ef755a3

* RPs won't get UnknownError authenticator errors
  by Matthew Miller
https://github.com/w3c/webauthn/commit/419e71fd41f9ee41eca87d833b7f95878a908afc

* Wrap types in code tags
  by Matthew Miller
https://github.com/w3c/webauthn/commit/2b692faccc91e9559ddace2d4405987f144158e0

* Add PR template
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/d5f7c33a8e3b9170b0e1b3cf6a644464e9022d52

* adds links

Co-authored-by: Nina Satragno <nsatragno@gmail.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/902af61dc7aa15229b6aad92f0dd998e43de8f91

* Drop the supplementalPubKeys extension

This extension will not have two interoperable implementations within
the Level 3 timeframe.
  by Adam Langley
https://github.com/w3c/webauthn/commit/2ec45f8b34638b0c62bb4208507bc4a76cd0ef4f

* Move position of `id` to match non-JSON ordering
  by Matthew Miller
https://github.com/w3c/webauthn/commit/a5a12f6a76ee1624340b7b514822e48936836b76

* Specify topOrigin is optional in the defintions.

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by philomathic_life
https://github.com/w3c/webauthn/commit/9bb78e4f29bf19f5e224b94ba5641983c920f9ac

* Move topOrigin definition after crossOrigin
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/998b863a07c03a888365927b8935c11b85b7c53d

* non-normative comment
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/4c22cbe8ad4fc5f441c024c3eb0fdb3fcb6d5ee7

* Change type of credProps.authenticatorDisplayName to DOMString

As recommended by the Web IDL spec [1]:

>Specifications should only use `USVString` for APIs that perform text
>processing and need a string of scalar values to operate on. Most APIs that use
>strings should instead be using `DOMString`, which does not make any
>interpretations of the code units in the string. When in doubt, use `DOMString`.

[1]: https://webidl.spec.whatwg.org/#idl-USVString
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/34d8b60de1f7e0e0e29b9f082e51ffa9012411dc

* Merge pull request #2047 from w3c/1859-differentiate-errors

Help RP's understand actionable exceptions from `create()` and `get()`
  by Matthew Miller
https://github.com/w3c/webauthn/commit/056ed8b71badb1bd47119032621ab85194177da5

* Merge pull request #2110 from w3c/mm/2082-publickeycredentialdescriptorjson-ordering

Reorder PublicKeyCredentialDescriptorJSON values to match PublicKeyCredentialDescriptor
  by Matthew Miller
https://github.com/w3c/webauthn/commit/2df9691d9537f4e54d1b83fc9707525e8e34dac0

* Restore (empty) Authenticator Extensions section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c6defa8da7ed656784d609b6ac8821123e242091

* Merge pull request #2109 from w3c/rmspk

Drop the supplementalPubKeys extension
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b308a66f89615409202ee15283797429b835a8ac

* Change id to DOMString
  by Matthew Miller
https://github.com/w3c/webauthn/commit/769610ebc28afaad6604795722e4e15fc30fb8d1

* Make topOrigin verification backwards compatible with L2
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/213cb2444e984ea10cbe61bee293a394636e7fb3

* Infer crossOrigin argument from topOrigin
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/60fc0e8549bb3b14eee037a3f446d271dca04351

* Merge pull request #2120 from w3c/mm/update-responsejson-id-type

Change `*ResponseJSON.id` to `DOMString`
  by Matthew Miller
https://github.com/w3c/webauthn/commit/9135ead6f32c02e0abb2a2c535c320cef8da1d56

* Remove MDN

Removes contact MDN item
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/d261d9ebf8ca57b299ae97de33bfa6c2d185d4f9

* Merge pull request #2114 from w3c/issue-2101-toporigin-order

Move topOrigin definition after crossOrigin
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5f0701d0c35b3080d3b3f9a928b1b4373a98b7e4

* Merge pull request #2108 from w3c/tc-pr-template

Add PR template
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/93193a1dcfddf6a6daa4726fafa4f556bff203ca

* Fix Credential*Options/PublicKeyCredential*Options confusion in RP ops

Analogue of 4800133de6cf06cb926106f35203fe5beb651598 for the RP operations.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/155810689f732369c79feace1cd8078ef1ac8b9f

* Clarify meaning of "unless" in UP flag validation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/115c2f9372f903ee6b14526b6411f9dd6cd5028d

* Add editorial conventions section to CONTRIBUTING.md
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/512fe423085b6941031b14a6063908714c4ae945

* s/PublicKeyCredentialHints/PublicKeyCredentialHint
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/f911218be877ee47685602b8055b211ee6a503e6

* Update CONTRIBUTING.md

adding notes for non-member IPR commitment
  by Simone Onofri
https://github.com/w3c/webauthn/commit/01c666afe3858040a1c3057d05aae13080ac2c36

* Merge pull request #2115 from w3c/authenticatorDisplayName-DOMString

Change type of credProps.authenticatorDisplayName to DOMString
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/6a795162349c0f7daa6d714bd6bff521dda5ed0d

* Merge pull request #2125 from w3c/rp-ops-options

Fix Credential*Options/PublicKeyCredential*Options confusion in RP ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8e0a69092a5af966e58172b9a2eaf17035964b7a

* Add Signal API

This commit adds a `PublicKeyCredential.signal` method that relying
parties can call to notify authenticators of changes on the
applicability or metadata of credentials.

Closes #1967
  by Nina Satragno
https://github.com/w3c/webauthn/commit/e241e6d17f01d19295fab0b48f2f75d80f12671e

* Add first version of the algo and format
  by Nina Satragno
https://github.com/w3c/webauthn/commit/b8a912e9c5d5174b97df538f8df8086d7cf6732e

* Update interface.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/9c9355a938b89496521580f32e4188bdbfd22d3b

* Have more flexibility for authenticators.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/8a8a06a4e47a4a42734ecb7d4537783020087dd4

* Polish
  by Nina Satragno
https://github.com/w3c/webauthn/commit/c29e08ca46926a3520c42677c058bc9247d718b8

* make rpid required
  by Nina Satragno
https://github.com/w3c/webauthn/commit/d44f313b8430549976f509e301d1a12a3f620d69

* Split signal API into three methods.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/02890af6cc70c7462b68647ac4968e4eeec04d5c

* emlun's comment
  by Nina Satragno
https://github.com/w3c/webauthn/commit/70b267b53a4b45d7d3f0a96c3050b7bf3651fc5e

* Extra privacy considerations.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/a745490cff775084b86fade0bf95331a9d3e756f

* Allow unhiding credentials.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/00dd9c7b6de90fdbe6d9f1429c563414b7882b0c

* Update RPID validation
  by Nina Satragno
https://github.com/w3c/webauthn/commit/0d990f75d49d236ce3f7f4750647ec0e66a88813

* Hiding > Deleting
  by Nina Satragno
https://github.com/w3c/webauthn/commit/57815ac6b75d86e88fa50ceb2cc77aafde8daa39

* Drop the `id`
  by Nina Satragno
https://github.com/w3c/webauthn/commit/84a97e45fd662d99131697c1b9a2963f59d715cf

* add to client capabilities
  by Nina Satragno
https://github.com/w3c/webauthn/commit/4be9a4e2669869ee39055398ac429c97ea806198

* Add note comparing signal types
  by Nina Satragno
https://github.com/w3c/webauthn/commit/981b278fc2d1430a86ac684cd55d99a056e83552

* Use CAPS for normative requirements

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Nina Satragno
https://github.com/w3c/webauthn/commit/73ab0797d3924fefbfc225b8b54f782551603781

* Apply suggestions from code review

Notes are not normative.

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Nina Satragno
https://github.com/w3c/webauthn/commit/e4a9de894f61f98b95c6008c539c3285494c8a0c

* Make alternative methods normative.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/1454bf79a74028faaaea3c2cb8ef936d1ba70313

* Update index.bs

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Nina Satragno
https://github.com/w3c/webauthn/commit/40753fdc93609809489c25a1d8d94a1e68194f0b

* Address emlun's comments.
  by Nina Satragno
https://github.com/w3c/webauthn/commit/74d3cf083752b38e2eb44285d95a7ddc18979afa

* Apply suggestions from code review

Co-authored-by: Tim Cappalli <tim@cappalli.me>
  by Nina Satragno
https://github.com/w3c/webauthn/commit/7687a40fe85e7c69e1509cadae170c3a9e8baa3d

* Merge pull request #2131 from w3c/simoneonofri-contributing

Update CONTRIBUTING.md for non-member IPR commitment
  by Simone Onofri
https://github.com/w3c/webauthn/commit/a871f796c591721c9556f119924ee29484b441f5

* Update obsolete privacy concerns about throwing errors early
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e0fb9b2326cc00a9331444f855af7b67375f020f

* Add dfn for passkey in passkey platform authenticator and export
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/06340fddf29944fffeb6d0700383d4d5192520e5

* Rename first-factor roaming authenticator and integrate passkey term in text
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ee25baebbe4390c8eea167072ad31d4ff03602ec

* add BE/BS steps to authData
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/ad88a31055c1c2e4af370ab86e1b876b180cdac7

* s/MUST not/MUST NOT
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/823ce16ac3ff854e85623d0b5d9ee5ae70ced0e8

* Clarify behaviour of duplicate hints
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/693a498452f4596c18f7a37e2ee39231333ee5bb

* Update index.bs

Co-authored-by: Emil Lundberg <emil@yubico.com>
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/caf217a1adb757202d854c335ddadfe0121fb16b

* Merge pull request #2141 from w3c/2064-tc-bebs-steps

Add BE/BS steps to authData generation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2e757932a8584aad34dfc0593d9b728d6b602f8c

* Merge pull request #2127 from w3c/issue-2045-semantic-line-breaks

Codify semantic line breaks as editorial convention
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/54e634695e7dfdc41270eb129117bea70b9c1cf3

* Merge pull request #2138 from w3c/2136-tc-dfn-passkey

Adds dfn for passkey in passkey platform authenticator and exports
  by Adam Langley
https://github.com/w3c/webauthn/commit/fb6351bd6cccce319531dc3638f3008738a16ac1

* Merge pull request #2104 from zacknewman/zacknewman-patch-1

Add topOrigin to the limited verification algorithm.
  by Anthony Nadalin
https://github.com/w3c/webauthn/commit/403c2b3380a976ed162fc6833b3ee124adfc0e4f

* Merge remote-tracking branch 'origin/main' into enterprise-attestation-guidance
  by David Waite
https://github.com/w3c/webauthn/commit/e9a482a826cd3445e6ed98718c3e7c78e5a6ce2f

* Added simplified text based on feedback
  by David Waite
https://github.com/w3c/webauthn/commit/39733f08b59471c641abc458bd60fd05662bc704

* Merge pull request #2129 from w3c/2112-tc-hints-to-hint

Rename PublicKeyCredentialHints to PublicKeyCredentialHint
  by Nick Steele
https://github.com/w3c/webauthn/commit/caefa8a1be35da86ce30e6205badd71f298011d6

* Remove prior bikeshed workaround
  by David Waite
https://github.com/w3c/webauthn/commit/176ea8173cc571abf7fb787aaebed7ef84d31402

* Reword UP flag validation per review suggestion
  by Matthew Miller
https://github.com/w3c/webauthn/commit/6cae8a57d3afbcc513a0ab2381866eae750a93a4

* Merge pull request #2126 from w3c/issue-2122-rp-up-conditional-clarify

Clarify meaning of "unless" in UP flag validation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0ca1c85f19c6a80b65c2c833b51b67699011e3f3

* Merge pull request #2145 from w3c/issue-2135-duplicate-hints

Clarify behaviour of duplicate hints
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/7cd62699eda269e44efe9584bc0dc661ac025d7f

* Merge pull request #1926 from sbweeden/sbweeden_1925

Clarify TPM attestation verification instructions
  by Nick Steele
https://github.com/w3c/webauthn/commit/199dcdad48045aca69bab819bf54e0fe59aeb066

* Merge pull request #2134 from w3c/issue-2132-obsolete-privacy-cons

Update obsolete privacy concerns about throwing errors early
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/adf7a95537499f79ad72a76422836116387c246e

* Merge pull request #2149 from dwaite/remove-packed-bikeshed-workaround

Remove bikeshed workaround
  by David Waite
https://github.com/w3c/webauthn/commit/ed636a2d166b0652f744ff321e0a893a2d60d1ef

* Merge pull request #1954 from dwaite/enterprise-attestation-guidance

Enterprise packed attestation guidance
  by David Waite
https://github.com/w3c/webauthn/commit/efdf948e44720b848985820d2083196c590124ab

* Mark Android SafetyNet attestation as deprecated.

Google have
[announced](https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline)
the deprecation of SafetyNet in general, and [specifically
for](https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html)
WebAuthn.

This change adds a note in the SafetyNet section that it may be removed
in a future revision of the spec.
  by Adam Langley
https://github.com/w3c/webauthn/commit/bcd428d84e3f0094fc75a77aa45985bd4e0ff9f9

* Deprecate rp.name
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2e2e3c6dc421a89a6801233f724cbd33bc4f0ef5

* Fix CredentialRequestOptions hyperlink
  by philomathic_life
https://github.com/w3c/webauthn/commit/ae49b8200c5fadbbf60be748afee0f96813353d2

* Add aliased link texts for "human palatability"
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e2ab213df8a99fc976cea08dbde42bfcf6851f3c

* Add [credential record/authenticatorDisplayName] handling to RP operations
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b137245bcf3667fd2909063eda0411eced38a5c

* Fix Unicode example syntax
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/434a77fb9578bc2c5d70a31c60b6588343063e28

* Validate CollectedClientData.crossOrigin in RP ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/561144ed0cf95123e66dcf68703db4a3084cd6d3

* Move extension processing to after signature verification
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3fb838eb5ece8dc1855e2710ba246ce2d7bcc56b

* Fix reference to step 22 in Create()
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/cf7202ba2b56d041ac9cf1e773919fd15e65f8c5

* Modernize extension processing step of RP ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1ba9322f3375d2946a50a6f354ebe954cff55417

* Remove NOTE from normative caveats on extension processing
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/560fe0e3567875ca6e7e12d70e69f565d5ef156b

* Don't return an algorithm from [[DiscoverFromExternalSource]]

This initialization of |settings| and |global| is copied from the equivalent
steps of [§2.5.4. Create a Credential][1] in CredMan, which sets the arguments
used to invoke the |constructCredentialAlg| in WebAuthn's [[Create]]:

>Let |settings| be the [current settings object][2].
>
>Assert: |settings| is a [secure context][3].
>
>Let |global| be |settings|’ [global object][4].

[1]: https://w3c.github.io/webappsec-credential-management/#algorithm-create
[2]: https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object
[3]: https://html.spec.whatwg.org/multipage/webappapis.html#secure-context
[4]: https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bdcb938b242ff8b7a9ec74f1afdfcc54a14cc3c1

* Fix reference to extensions input in get()
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4866b1390a1ea511d9aa67f53d8eae5a75383939

* Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9e0fe6ae6f8484007d8df50fe45f6b26d88a205f

* Acknowledge Zack Newman for reviews and contributions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3b5a8d1e253f0eff76f26ee5d20d472d1c710520

* Add test vectors for PRF extension
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/37dacdae7de4a08b08b99a10843c37fb7babb418

* Apply review suggestion

Co-authored-by: Adam Langley <agl@google.com>
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/fe68eaec8f4402d98c329deb737a8766d90035b9

* Add userName and userDisplayName to webdriver

This PR adds the userName and userDisplayName properties to the
webdriver's credential parameters. These properties are useful to test
the new signalCurrentUserDetails method, both on WPTs and for web
developers.

Closes #2143
  by Nina Satragno
https://github.com/w3c/webauthn/commit/96ed2bd5dbbc6aa66e9ea7b9adf3a8c66ec260e0

* Merge pull request #2173 from w3c/issue-2170-ack-zacknewman

Acknowledge Zack Newman for reviews and contributions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/333861889d0840806d6db2ea334d154dc19bc59a

* Merge pull request #2171 from w3c/ack-simoneonofri-plehegar

Acknowledge Simone Onofri and Philippe Le Hégaret as W3C Team Contacts
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8da6300be11ed30d362b01fcc670f87bea57dac7

* Merge pull request #2161 from zacknewman/CredentialRequestOptions-hyperlink

Fix CredentialRequestOptions hyperlink
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bd799352b8efc8af773868010eba926b414770bb

* Merge pull request #2155 from w3c/safetynetdeprecate

Mark Android SafetyNet attestation as deprecated.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5831a2c9b2cc7765a24309f14db027a6f1bffa65

* Use <xmp> instead of <pre>, fixing CDDL highlighting

Using <pre> causes some single quotes in the CDDL examples to be converted into
"’" (U+2019) instead of "'" (U+0027), which is incorrect CDDL and also breaks
the CDDL syntax highlighting.

See the [Bikeshed documentation][1] for more on using `<xmp>`.

[1]: https://speced.github.io/bikeshed/#xmp
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ebfe871f78f5d5be6cefecabf5a723b119dacae2

* Consistently use <xmp> instead of <pre> for code examples

Using `<pre>` sometimes causes some characters to be converted into others. This
is especially apparent in CDDL examples, where for example the first single
quote in `foo = h'001122'` gets converted into "’" (U+2019) instead of
"'" (U+0027), which is incorrect and also breaks CDDL syntax highlighting.

See the [Bikeshed documentation][1] for more on using `<xmp>`.

[1]: https://speced.github.io/bikeshed/#xmp
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/41c514f6e1db4b4aaba77c3145990f0f99c5bd7b

* Fix syntax highlighting tags
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ef54852bf773d82174798bfff3e87469380db325

* Use 0x0a instead of 0x10 as 11th test vector PRNG index
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c2395cbbb6351654ef1a2d40ceba252ca73d4683

* Fix order of middle bytes in Uint32Array example
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/b953fed1340f3c97096444960c6107c07cebb442

* Escape single quote in CDDL-style byte string literal in <code>
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a23151753ccc9857a00831250b196828c84907e3

* Address #2172
  by Shane Weeden
https://github.com/w3c/webauthn/commit/85717cce29586ec9fec3bf75bbb00da8ee39e4c6

* Merge pull request #2159 from w3c/issue-2121-rp-name

Deprecate rp.name
  by Shane Weeden
https://github.com/w3c/webauthn/commit/1e2256dae3c7f0dedc2f87ff66494c6b3f274518

* Fix create-to-get copy-paste error
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/aa8728aa5504769fce9c0fe765a8815f0a77e24b

* Move <dfn> of [[Create]] to heading like [[DiscoverFromExternalSource]]
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/70fb37a378e50943f1652195d7420452f061807c

* Extract macros for referring to [[Create]] and [[DiscoverFromExternalSource]]

This also fixes some inconsistencies in parameter lists between references to
these methods.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/6744192e08e90fd90f2636e0ad076d19daf8e132

* Merge pull request #2165 from w3c/issue-1641-unicode-syntax

Fix Unicode example syntax
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/386ad79021e52c2ef660009e54b13e5f1ba91625

* Drop definition "User Credential" unused since 2ec45f8b34638b0c62bb4208507bc4a76cd0ef4f
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5887b9f253fcc738db8a5c66818bb3ad954bc84f

* Fix typo in reference to variable |effectiveDomain|

Fixes this Bikeshed lint:

```
LINE ~3100: The var 'effective domain' (in global scope) is only used once.
If this is not a typo, please add an ignore='' attribute to the <var>.
```
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1fcb7aad5898035244ecc26a96da3074e8d6a516

* Add warning about sending PRF outputs to server
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8c6827e6b9dd1dc602b0bb2aad40fab95c75118f

* Remove apparent reference to non-existent [[Get]] internal method
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/39da7b119eabee3b75529586712f28be22cf51de

* Change "Method" to "Internal Method" in headings where appropriate
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/c258674eceafbb05545f596cb37b3703b3fbc931

* Simplify reference to default [[CollectFromCredentialStore]]
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8d76185ae7b8c0a3069872fbd1f8d3789b5bfb94

* Add reference to #sctn-discover-from-external-source from discussion of get() internals
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/068d7f56764c6a48d7de74f7fcf99267a2b726b1

* Merge pull request #2180 from w3c/issue-2169-no-credman-get

Remove apparent reference to non-existent [[Get]] internal method
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/9942c9cefccb1d5006bb104a61b22e8faae4423b

* Merge pull request #2179 from w3c/internal-method-macros

Extract macros for referring to [[Create]] and [[DiscoverFromExternalSource]]
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/b253c3b1e4ddfbb9575c8a9677d9126d8d13017d

* Merge pull request #2175 from w3c/example-code-xmp

Fix encoding and syntax highlighting of example code
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/cfa73332d4aeed226074903ae09508cb2b39177a

* Merge pull request #2174 from w3c/issue-2088-prf-test-vectors

Add test vectors for PRF extension
  by Nick Steele
https://github.com/w3c/webauthn/commit/d9204428c6d92ec1a0712110939cdf8156bc1818

* Merge pull request #2168 from w3c/issue-1984-get-return-alg

Don't return an algorithm from [[DiscoverFromExternalSource]]
  by Nick Steele
https://github.com/w3c/webauthn/commit/9f20a4d3a7fa8163432627f7b909e5c6871211f0

* Merge pull request #2182 from w3c/lint-var-effective-domain

Fix typo in reference to variable |effectiveDomain|
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/1fcb5c2cef539021f7ed9339753b886475feb69e

* Merge pull request #2181 from w3c/lint-unused-def-user-credential

Drop definition "User Credential" unused since PR #2109
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/7e716a14c14eeecd3dd26b871eb713c194fc1e01

* No credentials or referrer for RoR well-known
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/875486f36312ffe907c25ba8b9ad520aad94c59e

* require HTTPS scheme for all well-known calls and redirects
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/241833d9b964e4b4c5b1a82e04d23d9ae9038d77

* Update index.bs

accepting line breaks as elum suggested

Co-authored-by: Emil Lundberg <emil@emlun.se>
  by Shane Weeden
https://github.com/w3c/webauthn/commit/8c2cfdd4a7e6fec4eef91c31f2b0fc0ef972eef6

* Merge pull request #2176 from sbweeden/sweeden_2172

Non-incrementing signature counters could be due to race condition
  by Shane Weeden
https://github.com/w3c/webauthn/commit/3154b78e210e6e498b8a34daa587f9159ca6ad2f

* Clarified signing and verification procedures for TPM attestation
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/8d690aa48c5dd5ed23de4724aa8a302e6ae9a4de

* Minor formatting fixes
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/e51255db9de99e86544b02771940b7b471a7c3f7

* Add note that qualifiedSigner, clockInfo, and firmwareVersion may be obfuscated.
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/4d5c9ea96b0a81692436b9f535a4d2f2d0420ffc

* Change verify to check sig of certInfo before processing it
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/73435ba83e68f4d669c52beeff2db69d168203d1

* Disallow HardwareModuleName in attestation certificate's SAN. Update referece to EK-Profile to current version.
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/96e5e072fa1cfcf22fcaca25af3a5997b2f06460

* Merge branch 'main' into issue-2156-rp-ops-authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/43697f7e388b8d995b55dfde19a83a45c723a67c

* Merge pull request #2163 from w3c/issue-2156-rp-ops-authenticatorDisplayName

Add [credential record/authenticatorDisplayName] handling to RP operations
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d6b0d2cedc94865c7ff6141417b628e7600e767f

* Merge pull request #2166 from w3c/issue-2113-rp-ops-crossOrigin

Validate CollectedClientData.crossOrigin in RP ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3c506d45dc133046028f8dec18eb8ab77d6e1fbd

* Merge pull request #2183 from w3c/issue-2178-prf-warning

Add warning about sending PRF outputs to server
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/406ec42a3b8667405f4b9056efa49808c0f5aaac

* Correct spelling
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/1314870b7b60a00ceee1a1f3598c3b8085b7d70c

* Merge branch 'w3c:main' into main
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/21d38c0acecbf5fc4e608e379e07b71999793321

* Merge branch 'main' into issue-1711-ext-proc-before-sig-verify
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/34b98ecedf2b80ab7114ef80b2c662755977166c

* Merge pull request #2167 from w3c/issue-1711-ext-proc-before-sig-verify

Move extension processing to after signature verification, and modernize it
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/92e101570d4b1f06121b3f7d3215cc68e5da4019

* Delete authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/26ae8150418cbfc2b9c48042d9607d8bf4b6d64a

* Move RP ID related definitions outside Note
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/beca3e1f550dddd23cf381199bd3fa2d5075d1e7

* Drop outdated "Issue 1" from spec

This issue was originally added in commit
931b46eece69f5d780ce4b317e3a377a3a67f85c in 2017. The referenced discussion
seems to have stalled shortly thereafter, so this issue is most likely no longer
relevant.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e2923ba1e40d3a8a82a04685dbde14e9acc37be4

* Further clarification of nameAlg in TPMS_CERTIFY_INFO structure and PublicArea
  by Monty Wiseman
https://github.com/w3c/webauthn/commit/9618b97762365855aa2d52e1992a1ab66cc1f8dc

* Un-Note normative note about performing UV within authenticator boundary
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e515fb767b6b8d49549049ed6053e57e4bf9739b

* Fix emphasis markup
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/cc8c0f615275993eea63d31349e8d1ee7f706ccd

* Fix and un-Note note about constraints on credential ID length/format
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/33f825951d1dcf5bd781649b18deb1dfebee8b25

* Un-Note note with requirements on snapshotting BufferSources in create()
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0ea765373aed2e962439eb691a5bd29a86aaff40

* Convert Note about top origin warning to normative algorithm step
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2da634d590db86056e7eea5e96491af417fff0fc

* Un-Note normative note about cognitive guidelines on timeout
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e51728794dbc1d87699b9583fe60ab71239484ec

* Un-Note note with requirements on snapshotting BufferSources in get()
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/74b0259913f7475f7e9373aa5ecd2604b24e6c8e

* Un-Note normative note about cognitive guidelines on timeout
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/0378481e22908d4d2b75e576c31e53dbb2a54050

* Un-Note normative note about discoverable credential prompt
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1298e51b023fe9a1f607b1c5354134386bccf1dc

* Rephrase procedure to prompt to choose DiscoverableCredentialMetadata
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/18e39e9741a64026fca0459dd665875202001290

* Un-Note normative note about client capabilities not covering authenticator extensions
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7d5efb67ee427da8696a7527aa91708dbc4700d9

* Un-Note normative note about preferring to hide credentials
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/ae5cf835da4326ef86cda335b3ebb6922c00b74e

* Rephrase recommendation to prefer hiding credentials
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1e327a2fb335a13488c6311318cad4d09a1ada80

* Change "may" to "might" to make it less normative-looking
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/69e804ac84210a108fe2da1bbed7c1cca3450577

* Un-note normative part of note about getPublicKey() etc backward-compatibility
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/56b7fe83db61b0595d5dd6137e7e77a385fdf357

* Un-note normative recommendation against constant user handle
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2bf8dac732fc20350554fef6ae74c93e4f7c9ac

* Remove normative language from note about no attachment option in get()
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3365ff7c2d7213371409800c9a32b4a4cf7cbf39

* Un-Note normative note about not ignoring all allowCredentials
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc4ba5b08da62841fae277e7d39dbf2707a7a90a

* Fix grammar
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8c9bf0493e69b46cd4688d43fe4d73c40e8bc52e

* Fix leading lowercase
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/75fc32d917483e2d937f13cbdd70af0e3d1ce9a3

* Un-Note normative notes about aborting other authenticator operations
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3fdceb8a91a2dca00573e7e61a8de0b88eff54d

* Make note about equivalent UTF-8 decode non-normative
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bfc59b442d9cf2cc217e372233fe898a350c2b0b

* Rewrite normative note about not failing untrusted attestation
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/13d750bef184fbe4d3411e2a314cdf60c5fb6dbf

* Make note about domain-based attestation statement format identifiers non-normative
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/81dd166ef892c14ba2bcf37913af946c2c33069a

* Make note about extension identifiers non-normative
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/30cadd4c8df8a999ba25dd2475654e77553c6b8d

* Un-Note normative note about minimizing authenticator extension inputs
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/7df2c26e6fa76100019e81f01f10643416a62e61

* Convert "Note:" to uppercase to match Bikeshed macro
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/bb2e3295e345bb2613ba1a881f9267264b8c2a38

* Unify markup of multi-paragraph NOTEs
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e3c1b5008df37eceec5dd130a7db6992170bbae9

* Add editor's note about autofill token order requirements not being ours
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/72d47d07a3da8c653c0844071c9ccdda0b388d07

* fixup! Fix and un-Note note about constraints on credential ID length/format
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/476e46b2e0c92e199c07658a80b0da0a456fe879

* Revert extending credProps to apply to authentication ceremonies

This reverts commits 76e88e1d80947284a422894fe81d686f478ed67b and
2472df637429f96be24dcb361df087c1cbaa50bb.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/1ef1781f943af27deb2491180e0ab5e3d3c09eb4

* Restore note that only one credential property is defined
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9ac5dad2ef0b3cf8cac29b06996a257b0c6b78a6

* Fix undefined reference to client-side discoverable credential property
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/92ccb542574e532ad33a4d2e0913224599b91251

* Merge pull request #2193 from mwiseman-byid/main

Clarify use creating and verifying TPM attestation statements.
  by Shane Weeden
https://github.com/w3c/webauthn/commit/0633494704a6319cdfd7b03fb8ff782e01e5b481

* Merge pull request #2186 from w3c/tc-relatedorigins-tweaks

Mozilla feedback: Related Origins
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/b287006438e4522132b0b6419ace3818d914f984

* Merge pull request #2194 from w3c/issue-2187-drop-credentialRecord-authenticatorDisplayName

Delete authenticatorDisplayName
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/fd53e2c3d890118f7dd022a143927b815073f441

* Merge pull request #2195 from w3c/stalled-spec-issue-1

Drop outdated "Issue 1" from spec
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/814e03a24c87b89e3500758370f572038ff9a10f

* Update index.bs

Allow the passing of the aaguid for all Authenticators, not just the platform ones.
  by John Bradley
https://github.com/w3c/webauthn/commit/5d74429fba21da5c194489e7d74c14efc220b7cf

* Small tweak to PR template

Adds missing close paren
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/0bf6ddb51db0e4293c857b54bcfef7b7781370b9

* Merge pull request #2199 from w3c/ve7jtb-Fix-2198-WebAuthn-Clients-should-NOT-zero-out-AAGUIDs-from-security-keys-when-attestation-is-none-

WebAuthn Clients should NOT zero out AAGUIDs from security keys when attestation is none
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/654d38406a07133d2788a316f4f590a40578159b

* Merge pull request #2200 from w3c/timcappalli-patch-1

chore: Small tweak to PR template
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/e2987a9e30186cf588ad262a904b535b896aaaee

* Add test vectors
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/6737d23798f11e8574086464eeb7a5adfbc81a0c

* Move PRF test vectors to Test Vectors section
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/d8898af4bd35630f687892d2993a77fc48bea49a

* Add blurb about why PRF test vectors have two sections
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/643273b0c000051fe42d9ba1e9d76675352e14bc

* Re-order test vectors for better legibility
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/83772885bd493a9b99a8db0368ace7fae829e97d

* Merge pull request #2197 from w3c/level3

Merge branch 'level3' into branch 'main'
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/3bba180028005ff7cbb60ae4cff6330dde0398a0

* Clarify behaviour of duplicate pubKeyCredParams and attestationFormats
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/dcf0ddb03bece66e6b2618b7422238ed12193761

* Use same wording of preference order for attestationFormats as pubKeyCredParams
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/eb13ee19cb4647991bbde2bb9da5685fe8fde0cd

* Merge branch 'main' into issue-1979-notes
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e1428eee68bf3cae8cb485267a114f1824c8d962

* Store credential record last in RP registration ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b9d8af35e2843dc2dd60dcf95664567d12f3575

* Update credential record last in RP authentication ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/4d7da39e950b3add1be49f509fac6ece29896fb1

* Equalize wording of last step of RP assertion ops with registration ops
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/91cd386e2f1b580f31329b68b17c6be156275a10

* Fix reference to $$attStmtType in definition of attestation statement formats
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/804cece99aa047cc2c84af0d484e1a357cd88050

* Formalize attStmtTemplate as more correct CDDL

I don't think the expression `attStmtTemplate .within $$attStmtType`
successfully encodes the intent "Every attestation statement format must have
the above fields", for two reasons: it does not define a CDDL rule since it
contains no = sign, and even if it did, the `.within` control operator would apply
only to the new type defined by that rule, but not to the `attObj` type.

CDDL generally makes a distinction between types and groups, and only mentions
control operators applying to types, so I don't think we can apply `.within` to
`$$attStmtType` directly. This is why we need to duplicate the `authData` field
in `attStmtTemplate`.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/e6a998eb823871d7f6f7d51ebd0bfe4b8cdc68d2

* Allow attStmt to be of array type

This is required by the new "compound" attestation statement format.
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/9b161676e556d1f855d4bfc3b9819bf32e2227fd

* Fix .within operator in nonCompountAttStmt

[CDDL][1] defines that:

>A map matches a specification given as a group when the group matches
>a sequence of name/value pairs such that all of these name/value
>pairs are present in the map and the map has no name/value pair that
>is not covered by the group.

Therefore the control `.within { fmt: text .ne "compound" }` forbids any maps
that contain additional fields besides `fmt`, which is clearly not what was
intended.

[1]: https://datatracker.ietf.org/doc/html/rfc8610#section-2.1
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b29bec5a3db3f803478403a7ec41c80bec0d28e

* Rewrite Test Vectors introduction as applicable to all audiences
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/a0854aa1aca9980c5f07100c50d1d90aa6343a8c

* Note that test vectors have no attestation unless noted otherwise
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/abee3307949f314d737b1137b4bdd3cfa8b317e1

* Make remaining USVStrings into DOMStrings
  by philomathic_life
https://github.com/w3c/webauthn/commit/95fb560b547d5f8a631d96298f6fa013a0c67e7b

* Link "Object" to WebDriver instead of File API
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/8982a978d95e607693b1174ae74deac44f544f9b

* Fix AuthenticationExtensionsAuthenticatorInputs/Outputs CDDL

According to the CDDL grammar, after a control operator (called `ctlop` in the
ABNF grammar), there can only be a `type2` production:
https://datatracker.ietf.org/doc/html/rfc8610#appendix-B

In a `type2` production, wrapping parentheses can only be used to wrap a `type`
production. `tstr => any` is a `group` production, and needs to be wrapped in
curly braces or brackets.

In other words, from a CDDL grammar perspective, this is an invalid type:
  `foo .within ( tstr => any )`

This is valid:
  `foo .within { tstr => any }`

This update fixes the CDDL type definitions that used the `.within` operator
with an invalid type2.
  by Francois Daoust
https://github.com/w3c/webauthn/commit/8fa10df31c3c2eadbcb797164890563eb8ab6c5a

* Move .within control to correct position in extension input/outputs CDDL
  by Emil Lundberg
https://github.com/w3c/webauthn/commit/5d855e79c4242c330c737f00a1f6b15c85c1fd1a

* Merge pull request #2218 from w3c/issue-2212-file-object

Link "Object" to WebDriver instead of File API
  by Adam Langley
https://github.com/w3c/webauthn/commit/81077df3d88c2b5762bb7c917cbc9db9d3cda7a2

* Merge pull request #2216 from w3c/issue-2210-compound-attStmtTemplate

Fix CDDL inconsistencies in attStmtType and compound format
  by Adam Langley
https://github.com/w3c/webauthn/commit/3bc830109a1092de107fefc557b33f182e358775

* Merge pull request #2214 from w3c/issue-2202-pref-list-duplicates

Clarify behaviour of duplicate pubKeyCredParams and attestationFormats
  by Adam Langley
https://github.com/w3c/webauthn/commit/09969718b3cb9dbbfe020bf5cd1d3a0086d2a696

* Merge pull request #2215 from w3c/issue-2204-premature-store-credential

Store/update credential record last in RP ops
  by Adam Langley
https://github.com/w3c/webauthn/commit/08d33dc98f8012d01e7edc81f052c785af7726af

* Merge pull request #2221 from w3c/pr-2219-tidoust

Fix AuthenticationExtensionsAuthenticatorInputs/Outputs CDDL
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/57efac8e788c3ac058fcc995dbb4c2d177545fc1

* Merge pull request #2217 from zacknewman/domorigins

Make remaining `USVString`s `DOMString`s
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/26e28ecd791dee84575284f55e61514637accc74

* Merge pull request #2209 from w3c/issue-1633-test-vectors

Add test vectors
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/b36a79a8ff0f184c08d4e5b676acda0c6d5cab45

* Merge branch 'main' into issue-1979-notes
  by Nick Steele
https://github.com/w3c/webauthn/commit/6be55028e5e9896fcc25d11eb336c9f7849de29e

* Re-add merge conflct text
  by Nick Steele
https://github.com/w3c/webauthn/commit/b6fde375672d06e5980ca7d51dbfe9092ad3456c

* Merge pull request #2196 from w3c/issue-1979-notes

Merged per decision on 8-Jan-25 working group call.
  by Michael B. Jones
https://github.com/w3c/webauthn/commit/15cebd75a9af573e056f861be5830a1b688dc449

* Merge branch 'main' into tc-manualrefcleanup
  by Tim Cappalli
https://github.com/w3c/webauthn/commit/89f1be9c31a889df824f41ea650d127166b47ac6



-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 January 2025 17:24:39 UTC