w3c/webauthn issues and pull requests

#2058 - Don't zero platform-authenticator AAGUIDs.

Pull Request - State: closed - Opened by agl 5 months ago - 4 comments
Labels: type:technical

#2052 - Adds timeSinceUv extension

Pull Request - State: open - Opened by timcappalli 6 months ago - 9 comments
Labels: stat:Blocked

#2047 - Help RP's understand actionable exceptions from `create()` and `get()`

Pull Request - State: closed - Opened by MasterKale 6 months ago - 8 comments
Labels: type:editorial

#2047 - Help RP's understand actionable exceptions from `create()` and `get()`

Pull Request - State: closed - Opened by MasterKale 6 months ago - 8 comments
Labels: type:editorial

#2045 - Editorial convention: Semantic line breaks

Issue - State: closed - Opened by emlun 7 months ago - 3 comments
Labels: type:editorial, type:process, @Risk

#2040 - adds Related Origin Requests

Pull Request - State: closed - Opened by timcappalli 7 months ago - 11 comments

#2038 - How to guarantee created resident key is actually received by RP in adverse networking conditions?

Issue - State: closed - Opened by arianvp 7 months ago - 7 comments
Labels: type:technical, type:editorial

#2034 - New Authenticator Extension: Time Since UV

Issue - State: open - Opened by timcappalli 7 months ago - 6 comments
Labels: type:technical, stat:Blocked

#2033 - Updated contributors with Tim & Anders

Pull Request - State: closed - Opened by abergs 7 months ago
Labels: type:editorial

#2027 - Fix indentation of step to invoke authenticatorMakeCredential

Pull Request - State: closed - Opened by emlun 8 months ago
Labels: type:editorial

#2026 - Defining new OIDs to facilitate WebAuthn interoperability with CMS

Issue - State: closed - Opened by corrideat 8 months ago - 2 comments
Labels: type:editorial, @Risk

#2025 - Invoking the authenticatorMakeCredential operation clarification

Issue - State: closed - Opened by dimitribouniol 8 months ago - 2 comments
Labels: type:editorial, stat:pr-open

#2024 - Make user.displayName optional?

Issue - State: open - Opened by emlun 8 months ago - 1 comment
Labels: type:technical

#2023 - Reflect caching of user verification in WebAuthn assertion

Issue - State: open - Opened by rlin1 8 months ago - 7 comments
Labels: type:technical, stat:Blocked

#2022 - Revised txAuthSimple extension

Issue - State: open - Opened by rlin1 8 months ago - 1 comment
Labels: type:technical

#2021 - Acceptable UV caching time affordance extension added

Pull Request - State: open - Opened by rlin1 8 months ago - 9 comments
Labels: stat:Blocked

#2020 - Improved version of extension for Transaction Confirmation

Pull Request - State: open - Opened by rlin1 8 months ago - 2 comments
Labels: type:technical

#2019 - Adding example of localhost as allowed host/origin

Pull Request - State: closed - Opened by abergs 8 months ago
Labels: type:editorial

#2018 - Adding flexibility in client origin scheme validation to align with real world implementations

Pull Request - State: closed - Opened by abergs 8 months ago - 7 comments
Labels: type:technical

#2017 - Explicitly specify binary encoding for string truncation

Pull Request - State: open - Opened by emlun 9 months ago

#2016 - Clarify usage of credentialRecord.transports

Issue - State: open - Opened by jameshartig 9 months ago - 5 comments
Labels: type:editorial

#2015 - Fix Bikeshed lint

Pull Request - State: closed - Opened by emlun 9 months ago
Labels: type:editorial

#2014 - Fix references to reserved tokenBinding member

Pull Request - State: closed - Opened by emlun 9 months ago - 1 comment
Labels: type:editorial

#2013 - Refine JSON serialization to use UTF-8 encoding for `user.id` and `userHandle`

Issue - State: closed - Opened by MasterKale 9 months ago - 10 comments
Labels: type:technical

#2012 - Expand upon the definition of "unsigned extension outputs"

Pull Request - State: closed - Opened by agl 9 months ago
Labels: type:editorial

#2011 - Mark SPK's `signatures` output as required.

Pull Request - State: closed - Opened by agl 9 months ago
Labels: type:technical

#2010 - Conditional UI support by WebAuthn WebDriver Extension

Issue - State: closed - Opened by ynojima 9 months ago - 2 comments
Labels: stat:Discuss, subtype:FeatureProposal

#2009 - Correct capitalization on "Github"

Pull Request - State: closed - Opened by MasterKale 10 months ago
Labels: type:editorial

#2008 - Update index.html

Pull Request - State: closed - Opened by TylerJMorg 10 months ago - 2 comments

#2007 - Consider replacing "Github" with "GitHub"

Issue - State: closed - Opened by TylerJMorg 10 months ago - 2 comments
Labels: type:editorial

#2006 - Cambios por abuso

Issue - State: closed - Opened by JuanMahnjn 10 months ago - 2 comments
Labels: type:editorial

#2005 - Disambiguate "this value" in authenticatorDisplayName description

Pull Request - State: closed - Opened by emlun 10 months ago
Labels: type:editorial

#2004 - Reference CTAP 2.1 errata spec

Pull Request - State: closed - Opened by selfissued 10 months ago

#2003 - Fix references to credential private key that should be credential source

Pull Request - State: closed - Opened by emlun 10 months ago
Labels: type:editorial

#2002 - Wrong type of encrypted content specified for credentialId under "Credential Storage Modality" section

Issue - State: closed - Opened by sylph01 10 months ago - 1 comment
Labels: type:editorial, stat:pr-open

#2001 - Fix incorrect reference in Add Virtual Authenticator

Pull Request - State: closed - Opened by emlun 10 months ago
Labels: type:technical, type:editorial, subtype:algorithms/WebIDL

#2000 - Clarify validation step for packed attestation certificate for RPs.

Pull Request - State: closed - Opened by sbweeden 10 months ago
Labels: type:editorial

#1999 - Add backup flags to virtual authenticator

Pull Request - State: closed - Opened by nsatragno 11 months ago - 1 comment
Labels: type:technical

#1998 - How is an RP to know if a packed attestation root certificate is used for multiple authenticator models?

Issue - State: closed - Opened by sbweeden 11 months ago - 2 comments
Labels: type:technical

#1997 - Drop assertion-time attestation.

Pull Request - State: closed - Opened by agl 11 months ago - 3 comments
Labels: type:technical

#1996 - Resolve conflicts between spk (#1957) and PR #1970

Pull Request - State: closed - Opened by emlun 11 months ago - 1 comment
Labels: process:meta-pr

#1995 - Add credProps client processing step to set authenticatorDisplayName

Pull Request - State: closed - Opened by emlun 11 months ago
Labels: type:technical, subtype:extensions, process:meta-pr

#1994 - rp.name, user.name and user.displayName length limit does not state binary encoding

Issue - State: open - Opened by emlun 11 months ago - 2 comments
Labels: type:technical, i18n-needs-resolution, stat:pr-open

#1993 - Inconsistent Passkey Authentication in Google Chrome

Issue - State: closed - Opened by CyberCtzn 11 months ago - 5 comments
Labels: type:technical

#1992 - Add note about typical autocomplete combos for conditional UI

Pull Request - State: closed - Opened by MasterKale 11 months ago - 7 comments
Labels: type:technical, type:editorial

#1991 - Don't define a [[preventSilentAccess]] internal method

Pull Request - State: closed - Opened by emlun 11 months ago
Labels: type:editorial

#1990 - >

Issue - State: closed - Opened by carlena3497 11 months ago - 1 comment

#1989 - Deprecation warning for fido-u2f, apple, and android-safetynet?

Issue - State: closed - Opened by vanbukin 12 months ago - 6 comments
Labels: type:technical

#1988 - Allow use of credProps extension during auth

Pull Request - State: closed - Opened by MasterKale 12 months ago - 1 comment

#1987 - Virtual Authenticator API does not expose a way to set backup-eligible or backup-status flags

Issue - State: closed - Opened by MasterKale 12 months ago - 9 comments
Labels: type:technical

#1986 - Tweaks for bikeshed

Pull Request - State: closed - Opened by plehegar 12 months ago
Labels: type:editorial

#1985 - [meta-PR] Retain both aaguid definitions

Pull Request - State: closed - Opened by emlun 12 months ago
Labels: type:editorial, process:meta-pr

#1984 - create() and get() return an algorithm, not a credential

Issue - State: open - Opened by emlun 12 months ago - 1 comment
Labels: type:editorial

#1983 - Update GitHub Actions workflow

Pull Request - State: closed - Opened by VoltrexKeyva 12 months ago - 3 comments
Labels: process:meta-pr

#1982 - Spec is not specific enough about order of conditional UI autofill tokens

Issue - State: closed - Opened by MasterKale 12 months ago - 1 comment
Labels: type:editorial

#1981 - Remove [SameObject] attribute from PublicKeyCredential.authenticatorAttachment

Pull Request - State: closed - Opened by emlun 12 months ago
Labels: type:technical, subtype:algorithms/WebIDL

#1980 - Ambiguous instructions in the Android Key Attestation Statement Format verification procedure

Issue - State: closed - Opened by vanbukin about 1 year ago - 8 comments
Labels: type:technical, @Risk

#1979 - Are notes in webauthn normative or informative?

Issue - State: open - Opened by plehegar about 1 year ago - 1 comment
Labels: type:editorial

#1976 - Provide a way for Web Extensions to hook into browser's Passkey autofill UI

Issue - State: open - Opened by arianvp about 1 year ago - 4 comments
Labels: stat:Discuss, subtype:FeatureProposal

#1972 - Make the default value for the attestation member in assertion options be null

Pull Request - State: closed - Opened by Kieun about 1 year ago - 4 comments
Labels: type:technical

#1971 - Highlight that filtering all pubKeyCredParams is an error.

Pull Request - State: closed - Opened by agl about 1 year ago
Labels: type:editorial

#1970 - update and link to working AAGUID definition

Pull Request - State: closed - Opened by nicksteele about 1 year ago - 1 comment

#1968 - Extensions should specify partial dictionaries that modify AuthenticationExtensionsClient{Inputs, Outputs}JSON

Issue - State: open - Opened by jschanck about 1 year ago
Labels: type:editorial, @Risk

#1967 - [Superset] Updating credential metadata and requesting deletion of stale credentials

Issue - State: closed - Opened by timcappalli about 1 year ago - 20 comments
Labels: type:technical, @Risk

#1965 - Code Injection vulnerability from client side

Issue - State: closed - Opened by AdityaMitra5102 about 1 year ago - 18 comments
Labels: type:technical

#1964 - Further clarification of Unsigned Extension Outputs

Issue - State: closed - Opened by bobknowscode about 1 year ago - 1 comment
Labels: type:editorial

#1962 - Should credentials requested with attestation=none include an AAGUID?

Issue - State: open - Opened by pascoej about 1 year ago - 7 comments
Labels: type:technical, type:editorial, @Risk

#1958 - PublicKeyCredentialJSON is an invalid WebIDL construct

Issue - State: closed - Opened by petervanderbeken about 1 year ago - 3 comments
Labels: type:technical

#1957 - devicePubKey → supplementalPubKeys

Pull Request - State: closed - Opened by agl about 1 year ago - 16 comments
Labels: type:technical

#1956 - [[preventSilentAccess]] seems incorrect

Issue - State: closed - Opened by emlun about 1 year ago - 2 comments
Labels: type:editorial, stat:pr-open

#1954 - Enterprise packed attestation guidance

Pull Request - State: closed - Opened by dwaite about 1 year ago - 10 comments
Labels: type:editorial, @Risk

#1953 - Add packed attestation optional firmware version attribute

Pull Request - State: open - Opened by dwaite about 1 year ago - 16 comments
Labels: type:technical, type:editorial

#1952 - Describe firmware OID usage in packed attestation

Issue - State: open - Opened by dwaite about 1 year ago
Labels: type:technical, stat:pr-open

#1952 - Describe firmware OID usage in packed attestation

Issue - State: open - Opened by dwaite about 1 year ago
Labels: type:technical

#1951 - Initial text for conditional create

Pull Request - State: closed - Opened by pascoej about 1 year ago - 10 comments
Labels: type:technical, type:editorial

#1950 - Add `compound` attestation format

Pull Request - State: closed - Opened by timcappalli about 1 year ago - 4 comments
Labels: type:technical, @Risk

#1945 - Add importCryptoKey input to PRF extension

Pull Request - State: closed - Opened by emlun about 1 year ago - 8 comments
Labels: type:technical, subtype:extensions, @Risk

#1942 - make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services)

Issue - State: closed - Opened by r-jo about 1 year ago - 16 comments
Labels: type:technical

#1941 - The default value of `attestation` member in `PublicKeyCredentialRequestOptions` should be null or must not have default value

Issue - State: closed - Opened by Kieun about 1 year ago - 5 comments
Labels: type:technical, stat:pr-open

#1937 - Remove isPPAA() and expand getClientCapabilities()

Issue - State: closed - Opened by timcappalli about 1 year ago - 2 comments
Labels: type:technical, stat:pr-open

#1933 - Indicate that the credential could be backed up and restored, but not synchronized

Issue - State: closed - Opened by Kieun about 1 year ago - 7 comments
Labels: type:technical

#1931 - Update Authenticator Definition

Pull Request - State: closed - Opened by nicksteele about 1 year ago - 2 comments
Labels: type:editorial

#1929 - Non-modal registration during conditional assertion

Issue - State: open - Opened by pascoej about 1 year ago - 12 comments
Labels: stat:Discuss, stat:pr-open, subtype:FeatureProposal, @Risk

#1926 - Clarify TPM attestation verification instructions

Pull Request - State: closed - Opened by sbweeden about 1 year ago - 4 comments
Labels: type:technical, @Risk

#1925 - TPM attestation verification steps inconsistent with FIDO conformance testing tool

Issue - State: closed - Opened by sbweeden about 1 year ago - 11 comments
Labels: type:technical, stat:pr-open, @Risk

#1923 - Add new getClientCapabilities method

Pull Request - State: closed - Opened by timcappalli about 1 year ago - 29 comments
Labels: type:technical, privacy-tracker

#1921 - Adding some sentences to describe credential sharing between multiple users

Issue - State: open - Opened by Kieun about 1 year ago - 7 comments
Labels: type:editorial, @Risk

#1917 - Allow desired attestation format to be an ordered list

Issue - State: closed - Opened by sbweeden about 1 year ago - 3 comments
Labels: type:technical

#1916 - Describe packed enterprise attestation

Issue - State: open - Opened by dwaite about 1 year ago
Labels: type:technical

#1916 - Describe packed enterprise attestation

Issue - State: closed - Opened by dwaite about 1 year ago
Labels: type:technical, stat:pr-open

#1915 - username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present

Issue - State: closed - Opened by r-jo about 1 year ago - 22 comments
Labels: stat:Discuss, subtype:FeatureProposal

GitHub / w3c/webauthn issues and pull requests