Skip to content

Commit

Permalink
Created linkable definition for WebAuthn Extensions and linked to it …
Browse files Browse the repository at this point in the history 
…throughout the spec. Fixes #1180.
  • Loading branch information
@futureimperfect
futureimperfect committed Mar 25, 2019
1 parent 8678b43 commit a946a09
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions index.bs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1908,7 +1908,7 @@ optionally evidence of [=user consent=] to a specific transaction.
example, the caller may request that only authenticators with certain capabilities be used to create the credential, or
that particular information be returned in the [=attestation object=]. Some extensions are defined in [[#extensions]];
consult the IANA "WebAuthn Extension Identifier" registry established by [[!WebAuthn-Registries]] for an up-to-date list
of registered WebAuthn Extensions.
of registered [=WebAuthn Extensions=].
</div>

### Public Key Entity Description (dictionary <dfn dictionary>PublicKeyCredentialEntity</dfn>) ### {#dictionary-pkcredentialentity}
Expand Down Expand Up @@ -3654,7 +3654,7 @@ different versions are thus treated as different formats, e.g., `packed2` as a n
format.

The following sections present a set of currently-defined and registered attestation statement formats and their identifiers.
The up-to-date list of registered WebAuthn Extensions is maintained in the IANA "WebAuthn Attestation Statement Format
The up-to-date list of registered [=WebAuthn Extensions=] is maintained in the IANA "WebAuthn Attestation Statement Format
Identifier" registry established by [[!WebAuthn-Registries]].


Expand Down Expand Up @@ -4187,7 +4187,7 @@ The none attestation statement format is used to replace any [=authenticator=]-p
: Verification procedure
:: Return implementation-specific values representing [=attestation type=] [=None=] and an empty [=attestation trust path=].

# WebAuthn Extensions # {#extensions}
# <dfn>WebAuthn Extensions</dfn> # {#extensions}

The mechanism for generating [=public key credentials=], as well as requesting and generating Authentication assertions, as
defined in [[#api]], can be extended to suit particular use cases. Each case is addressed by defining a <dfn>registration
Expand Down Expand Up @@ -4230,14 +4230,14 @@ that it supports, and returns the [=CBOR=] [=authenticator extension output=] fo
the [=client extension processing=] for [=authenticator extensions=] is to use the [=authenticator extension output=] as an
input to creating the [=client extension output=].

All WebAuthn extensions are OPTIONAL for both clients and authenticators. Thus, any extensions requested by a [=[RP]=] MAY be
All [=WebAuthn Extensions=] are OPTIONAL for both clients and authenticators. Thus, any extensions requested by a [=[RP]=] MAY be
ignored by the client browser or OS and not passed to the authenticator at all, or they MAY be ignored by the authenticator.
Ignoring an extension is never considered a failure in WebAuthn API processing, so when [=[RPS]=] include extensions with any
API calls, they MUST be prepared to handle cases where some or all of those extensions are ignored.

Clients wishing to support the widest possible range of extensions MAY choose to pass through any extensions that they do not
recognize to authenticators, generating the [=authenticator extension input=] by simply encoding the [=client extension input=]
in CBOR. All WebAuthn extensions MUST be defined in such a way that this implementation choice does not endanger the user's
in CBOR. All [=WebAuthn Extensions=] MUST be defined in such a way that this implementation choice does not endanger the user's
security or privacy. For instance, if an extension requires client processing, it could be defined in a manner that ensures such
a naïve pass-through will produce a semantically invalid [=authenticator extension input=] value, resulting in the extension
being ignored by the authenticator. Since all extensions are OPTIONAL, this will not cause a functional failure in the API
Expand Down Expand Up @@ -4270,7 +4270,7 @@ Supporting this capability can facilitate innovation, allowing authenticators to
and [=[RPS]=] to use them before there is explicit support for them in clients.

The IANA "WebAuthn Extension Identifier" registry established by [[!WebAuthn-Registries]] can be consulted
for an up-to-date list of registered WebAuthn Extensions.
for an up-to-date list of registered [=WebAuthn Extensions=].


## Extension Identifiers ## {#sctn-extension-id}
Expand Down

0 comments on commit a946a09

Please sign in to comment.