Commit

Incorporate feedback from @equalsJeffH
vijaybh committed Sep 16, 2016
1 parent 7cbf57a commit 7943865
Showing 1 changed file with 13 additions and 15 deletions.
28 changes: 13 additions & 15 deletions index.bs
Expand Up @@ -130,7 +130,7 @@ or a combination of both.

This specification relies on several other underlying specifications.

: HTML 5.1
: HTML
:: The concept of <dfn for='web'>origin</dfn> and the <dfn>Navigator</dfn> interface are defined in [[!HTML51-20160621]].

: Web IDL
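Review bot: The term label becomes the unversioned "HTML", but the definition line under it still cites the dated snapshot [[!HTML51-20160621]], so the label now suggests a version-agnostic reference while origin and Navigator remain pinned to HTML 5.1. Either keep the version in the label or say in the definition that the dated snapshot is the normative source, since the algorithm steps later in this file cite section numbers from that snapshot.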
Expand Down Expand Up @@ -218,8 +218,8 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and

: <dfn>Relying Party Identifier</dfn>
: <dfn>RP ID</dfn>
:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of web origins that the client will permit
to access that credential. It is derived from a <a>[RP]</a>'s web origin's hostname or directly specified by the [RP].
:: A Relying Party Identifier defines the scope of a given credential, i.e. the set of origins that the client will permit to
access that credential. It is derived from a <a>[RP]</a>'s web origin's hostname or directly specified by the [RP].

: <dfn>Scoped Credential</dfn>
:: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]].
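Review bot: In the RP ID definition the first sentence now says "set of origins" while the second still says "web origin's hostname", so the terminology is only half changed; use one term in both sentences and link it to the origin dfn. The same definition marks up the first [RP] as `<a>[RP]</a>` and leaves the second one bare, which is worth making consistent. Because the identifier is derived from a hostname, the definition should also state whether scheme and port play any part in deciding which origins fall within a credential's scope.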
Expand Down Expand Up @@ -343,12 +343,11 @@ When this method is invoked, the user agent MUST execute the following algorithm
Then asynchronously continue executing the following steps.

3. Set |callerOrigin| to the <a link-for='web'>origin</a> of the caller. If {{CredentialOptions/rpId}} is not specified, then
set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If
{{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's
`domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`).
If it is not permissible, reject |promise| with a <a>DOMException</a> whose name is "SecurityError", and terminate this
algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash|
to the SHA-256 hash of the UTF-8 encoding of |rpId|.
set |rpId| to |callerOrigin|. If {{CredentialOptions/rpId}} is specified, then invoke the algorithm for relaxing the same-
origin restriction as specified in [[!HTML51-20160621]] section 6.4.1, using {{CredentialOptions/rpId}} as the given value
and without changing the current document's `domain`. If any errors are thrown, reject |promise| with a <a>DOMException</a>
whose name is "SecurityError", and terminate this algorithm. If no errors are thrown, set |rpId| to the value of `host` as
computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of |rpId|.

4. Process each element of <a>cryptoParameters</a> using the following steps, to produce a new sequence `normalizedParameters`:
- Let |current| be the currently selected element of <a>cryptoParameters</a>.
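Review bot: Step 3 now gives |rpId| two different kinds of value: |callerOrigin| (an origin) when {{CredentialOptions/rpId}} is not specified, and the `host` computed by the referenced algorithm when it is. The replaced text used a Unicode serialization in both branches and hashed "the UTF-8 encoding of |rpId|"; the new closing sentence, "Set |rpIdHash| to the SHA-256 hash of |rpId|", leaves the byte input to SHA-256 undefined. Please state the serialization and the encoding for both branches, otherwise a client and a relying party can compute different |rpIdHash| values for the same RP ID.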
Expand Down Expand Up @@ -422,12 +421,11 @@ When this method is invoked, the user agent MUST execute the following algorithm
Then asynchronously continue executing the following steps.

3. Set |callerOrigin| to the <a link-for='web'>origin</a> of the caller. If {{CredentialOptions/rpId}} is not specified, then
set |rpId| to the Unicode serialization of |callerOrigin| as specified in [[!HTML51-20160621]] section 6.4. If
{{CredentialOptions/rpId}} is specified, then check if its value would be an acceptable setting for the current document's
`domain` by running the algorithm in [[!HTML51-20160621]] section 6.4.1 (but do not change the current document's `domain`).
If it is not permissible, reject |promise| with a <a>DOMException</a> whose name is "SecurityError", and terminate this
algorithm. If it is permissible, then set |rpId| to the Unicode serialization of {{CredentialOptions/rpId}}. Set |rpIdHash|
to the SHA-256 hash of the UTF-8 encoding of |rpId|.
set |rpId| to |callerOrigin|. If {{CredentialOptions/rpId}} is specified, then invoke the algorithm for relaxing the same-
origin restriction as specified in [[!HTML51-20160621]] section 6.4.1, using {{CredentialOptions/rpId}} as the given value
and without changing the current document's `domain`. If any errors are thrown, reject |promise| with a <a>DOMException</a>
whose name is "SecurityError", and terminate this algorithm. If no errors are thrown, set |rpId| to the value of `host` as
computed by the algorithm. Set |rpIdHash| to the SHA-256 hash of |rpId|.

4. If {{AssertionOptions/extensions}} was specified, process any extensions supported by this client platform, to produce the
extension data that needs to be sent to the authenticator. Call this data |clientExtensions|.
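Review bot: This step 3 is word-for-word the same as step 3 in the hunk at line 343, so the |rpId| value differing in kind between its two branches (|callerOrigin| versus `host`) and the hash input losing its "UTF-8 encoding" wording are present in both copies. Consider moving the text into one named sub-algorithm that both methods invoke, so the two copies cannot drift apart in a later edit. The source line break after "same-" will also render as "same- origin"; keep "same-origin" together on one line.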
