Merge pull request #1140 from w3c/issue-1123-uv-up

Let requireUserPresence always be true in authenticator operations
w3c · Mar 7, 2019 · 26cf7c6 · 26cf7c6
2 parents 7bc2f03 + d9de125
commit 26cf7c6
Showing 1 changed file with 9 additions and 14 deletions.
diff --git a/index.bs b/index.bs
@@ -1161,8 +1161,6 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
 
                     </dl>
 
-            1. Let |userPresence| be a Boolean value set to the inverse of |userVerification|.
-
             1. Let |excludeCredentialDescriptorList| be a new [=list=].
 
             1. [=list/For each=] credential descriptor |C| in <code>|options|.{{PublicKeyCredentialCreationOptions/excludeCredentials}}</code>:
@@ -1175,7 +1173,6 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
                 |clientDataHash|,
                 <code>|options|.{{PublicKeyCredentialCreationOptions/rp}}</code>, <code>|options|.{{PublicKeyCredentialCreationOptions/user}}</code>,
                 <code>|options|.{{PublicKeyCredentialCreationOptions/authenticatorSelection}}.{{AuthenticatorSelectionCriteria/requireResidentKey}}</code>,
-                |userPresence|,
                 |userVerification|,
                 |credTypesAndPubKeyAlgs|,
                 |excludeCredentialDescriptorList|,
@@ -1519,8 +1516,6 @@ When this method is invoked, the user agent MUST execute the following algorithm
 
                     </dl>
 
-            1. Let |userPresence| be a Boolean value set to the inverse of |userVerification|.
-
             1. <span id="allowCredentialDescriptorListCreation"></span>
                 If <code>|options|.{{PublicKeyCredentialRequestOptions/allowCredentials}}</code>
                 <dl class="switch">
@@ -1557,19 +1552,19 @@ When this method is invoked, the user agent MUST execute the following algorithm
                                     selection.
 
                                     Then, using |transport|, invoke the [=authenticatorGetAssertion=] operation on
-                                    |authenticator|, with |rpId|, |clientDataHash|, |allowCredentialDescriptorList|, |userPresence|,
+                                    |authenticator|, with |rpId|, |clientDataHash|, |allowCredentialDescriptorList|,
                                     |userVerification|, and |authenticatorExtensions| as parameters.
 
                                 :   [=list/is empty=]
                                 ::  Using local configuration knowledge of the appropriate transport to use with |authenticator|,
                                     invoke the [=authenticatorGetAssertion=] operation on |authenticator| with |rpId|,
-                                    |clientDataHash|, |allowCredentialDescriptorList|, |userPresence|, |userVerification|, and
+                                    |clientDataHash|, |allowCredentialDescriptorList|, |userVerification|, and
                                     |authenticatorExtensions| as parameters.
                             </dl>
 
                     :   [=list/is empty=]
                     ::  Using local configuration knowledge of the appropriate transport to use with |authenticator|, invoke the
-                        [=authenticatorGetAssertion=] operation on |authenticator| with |rpId|, |clientDataHash|, |userPresence|,
+                        [=authenticatorGetAssertion=] operation on |authenticator| with |rpId|, |clientDataHash|,
                         |userVerification| and |authenticatorExtensions| as parameters.
 
                         Note: In this case, the [=[RP]=] did not supply a list of acceptable credential descriptors. Thus, the
@@ -2851,9 +2846,9 @@ It takes the following input parameters:
 : |requireResidentKey|
 :: The {{PublicKeyCredentialCreationOptions/authenticatorSelection}}.{{requireResidentKey}} value given by the [=[RP]=].
 : |requireUserPresence|
-:: A Boolean value provided by the client, which in invocations from a [=[WAC]=]'s
-    {{PublicKeyCredential/[[Create]](origin, options, sameOriginWithAncestors)}} method is always set to the inverse of
-    |requireUserVerification|.
+:: The constant Boolean value [TRUE].
+    It is included here as a pseudo-parameter to simplify applying this abstract authenticator model to implementations that may
+    wish to make a [=test of user presence=] optional although WebAuthn does not.
 : |requireUserVerification|
 :: The [=effective user verification requirement for credential creation=], a Boolean value provided by the client.
 : |credTypesAndPubKeyAlgs|
@@ -2982,9 +2977,9 @@ It takes the following input parameters:
 :: An OPTIONAL [=list=] of {{PublicKeyCredentialDescriptor}}s describing credentials acceptable to the [=[RP]=] (possibly filtered
     by the client), if any.
 : |requireUserPresence|
-:: A Boolean value provided by the client, which in invocations from a [=[WAC]=]'s
-    {{PublicKeyCredential/[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)}} method is always set to the inverse of
-    |requireUserVerification|.
+:: The constant Boolean value [TRUE].
+    It is included here as a pseudo-parameter to simplify applying this abstract authenticator model to implementations that may
+    wish to make a [=test of user presence=] optional although WebAuthn does not.
 : |requireUserVerification|
 :: The [=effective user verification requirement for assertion=], a Boolean value provided by the client.
 : |extensions|