Fix interface/member confusion
Thanks to @equalsJeffH for spotting this.
vijaybh committed Feb 9, 2017
1 parent 7642dd6 commit c9b20a5
Showing 1 changed file with 27 additions and 27 deletions.
54 changes: 27 additions & 27 deletions index.bs
Expand Up @@ -375,7 +375,7 @@ This method takes the following parameters:
created. This is meant for later use by the authenticator when it needs to prompt the user to select a credential. An
authenticator is only required to store one credential for any given value of {{accountInformation}}. Specifically, if an
authenticator already has a credential for the specified value of {{Account/id}} in {{accountInformation}}, and if this
credential is not listed in the {{ScopedCredentialOptions/excludeList}} attribute of {{options}}, then after successful
credential is not listed in the {{ScopedCredentialOptions/excludeList}} member of {{options}}, then after successful
execution of this method:
- Any calls to {{getAssertion()}} that do not specify {{AssertionOptions/allowList}} will not result in the older
credential being offered to the user.
Expand All @@ -394,7 +394,7 @@ This method takes the following parameters:

When this method is invoked, the user agent MUST execute the following algorithm:

1. If the {{ScopedCredentialOptions/timeoutSeconds}} attribute of {{options}} is <a>present</a>, check if its value lies within
1. If the {{ScopedCredentialOptions/timeoutSeconds}} member of {{options}} is <a>present</a>, check if its value lies within
a reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set
|adjustedTimeout| to this adjusted value. If {{ScopedCredentialOptions/timeoutSeconds}} was not specified, then set
|adjustedTimeout| to a platform-specific default.
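Review bot: The fallback sentence in step 1 still reads "If {{ScopedCredentialOptions/timeoutSeconds}} was not specified", while the test at the start of the same step, and the matching step for {{AssertionOptions/timeoutSeconds}} later in this diff, use the linked term <a>present</a>. Since this step is being edited anyway, suggest "is not <a>present</a>" here as well so both algorithms describe the absent-member case in the same defined terms.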
Expand All @@ -407,8 +407,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
3. Set |callerOrigin| to the <a link-for='web'>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin| is
an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and
terminate this algorithm. Otherwise,
- If the {{ScopedCredentialOptions/rpId}} attribute of {{options}} is not <a>present</a>, then set |rpId| to |callerOrigin|.
- If the {{ScopedCredentialOptions/rpId}} attribute of {{options}} is <a>present</a>, then invoke the procedure used for
- If the {{ScopedCredentialOptions/rpId}} member of {{options}} is not <a>present</a>, then set |rpId| to |callerOrigin|.
- If the {{ScopedCredentialOptions/rpId}} member of {{options}} is <a>present</a>, then invoke the procedure used for
<a>relaxing the same-origin restriction</a> by setting the `document.domain` attribute, using
{{ScopedCredentialOptions/rpId}} as the given value but without changing the current document's `domain`. If no errors
are thrown, set |rpId| to the value of `host` as computed by this procedure. Otherwise, reject |promise| with a
Expand All @@ -427,7 +427,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
5. If |normalizedAlgorithm| is empty and {{cryptoParameters}} was not empty, cancel the timer started in step 2, reject
|promise| with a DOMException whose name is "NotSupportedError", and terminate this algorithm.

6. If the {{ScopedCredentialOptions/extensions}} attribute of {{options}} is <a>present</a>, process any extensions supported by
6. If the {{ScopedCredentialOptions/extensions}} member of {{options}} is <a>present</a>, process any extensions supported by
this client platform, to produce the extension data that needs to be sent to the authenticator. If an error is encountered
while processing an extension, skip that extension and do not produce any extension data for it. Call the result of this
processing |clientExtensions|.
Expand All @@ -439,14 +439,14 @@ When this method is invoked, the user agent MUST execute the following algorithm
8. Initialize |issuedRequests| and |currentlyAvailableAuthenticators| to empty lists.

9. For each authenticator currently available on this platform, add the authenticator to |currentlyAvailableAuthenticators|
unless the {{ScopedCredentialOptions/attachment}} attribute of {{options}} is <a>present</a>. In that case, let |attachment|
unless the {{ScopedCredentialOptions/attachment}} member of {{options}} is <a>present</a>. In that case, let |attachment|
be {{ScopedCredentialOptions/attachment}}, and add the authenticator to |currentlyAvailableAuthenticators| if its attachment
modality matches |attachment|.

10. For each authenticator in |currentlyAvailableAuthenticators|: asynchronously invoke the <a>authenticatorMakeCredential</a>
operation on that authenticator with |rpId|, <a>clientDataHash</a>, {{accountInformation}}, |normalizedParameters|,
{{ScopedCredentialOptions/excludeList}} and |clientExtensions| as parameters. Add a corresponding entry to |issuedRequests|.
- For each credential |C| in the {{ScopedCredentialOptions/excludeList}} attribute of {{options}} that has a non-empty
- For each credential |C| in the {{ScopedCredentialOptions/excludeList}} member of {{options}} that has a non-empty
|transports| list, optionally use only the specified transports to test for the existence of |C|.

11. While |issuedRequests| is not empty, perform the following actions depending upon the |adjustedTimeout| timer and responses
Expand Down Expand Up @@ -490,7 +490,7 @@ This method takes the following parameters:

When this method is invoked, the user agent MUST execute the following algorithm:

1. If the {{AssertionOptions/timeoutSeconds}} attribute of {{options}} is <a>present</a>, check if its value lies within a
1. If the {{AssertionOptions/timeoutSeconds}} member of {{options}} is <a>present</a>, check if its value lies within a
reasonable range as defined by the platform and if not, correct it to the closest value lying within that range. Set
|adjustedTimeout| to this adjusted value. If {{AssertionOptions/timeoutSeconds}} is not <a>present</a>, then set
|adjustedTimeout| to a platform-specific default.
Expand All @@ -503,14 +503,14 @@ When this method is invoked, the user agent MUST execute the following algorithm
3. Set |callerOrigin| to the <a link-for='web'>current settings object</a>'s <a link-for='web'>origin</a>. If |callerOrigin| is
an <a link-for='web'>opaque origin</a>, reject |promise| with a <a>DOMException</a> whose name is "NotAllowedError", and
terminate this algorithm. Otherwise,
- If the {{AssertionOptions/rpId}} attribute of {{options}} is not <a>present</a>, then set |rpId| to |callerOrigin|.
- If the {{AssertionOptions/rpId}} attribute of {{options}} is <a>present</a>, then invoke the procedure used for <a>relaxing
- If the {{AssertionOptions/rpId}} member of {{options}} is not <a>present</a>, then set |rpId| to |callerOrigin|.
- If the {{AssertionOptions/rpId}} member of {{options}} is <a>present</a>, then invoke the procedure used for <a>relaxing
the same-origin restriction</a> by setting the `document.domain` attribute, using {{AssertionOptions/rpId}} as the given
value but without changing the current document's `domain`. If no errors are thrown, set |rpId| to the value of `host`
as computed by this procedure. Otherwise, reject |promise| with a <a>DOMException</a> whose name is "SecurityError", and
terminate this algorithm.

4. If the {{AssertionOptions/extensions}} attribute of {{options}} is <a>present</a>, process any extensions supported by this
4. If the {{AssertionOptions/extensions}} member of {{options}} is <a>present</a>, process any extensions supported by this
client platform, to produce the extension data that needs to be sent to the authenticator. If an error is encountered while
processing an extension, skip that extension and do not produce any extension data for it. Call the result of this
processing |clientExtensions|.
Expand All @@ -522,7 +522,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
6. Initialize |issuedRequests| to an empty list.

7. For each authenticator currently available on this platform, perform the following steps:
- If the {{AssertionOptions/allowList}} attribute of {{options}} is empty, let |credentialList| be an empty list. Otherwise,
- If the {{AssertionOptions/allowList}} member of {{options}} is empty, let |credentialList| be an empty list. Otherwise,
execute a platform-specific procedure to determine which, if any, credentials listed in {{AssertionOptions/allowList}}
might be present on this authenticator, and set |credentialList| to this filtered list. If no such filtering is
possible, set |credentialList| to an empty list.
Expand Down Expand Up @@ -603,19 +603,19 @@ authorizing an authenticator with which to complete the operation.
is to be associated. It is intended to help the authenticator in providing a friendly credential selection interface for the
user.

The <dfn>rpDisplayName</dfn> attribute contains the friendly name of the [RP], such as "Acme Corporation", "Widgets Inc" or
The <dfn>rpDisplayName</dfn> member contains the friendly name of the [RP], such as "Acme Corporation", "Widgets Inc" or
"Awesome Site".

The <dfn>displayName</dfn> attribute contains the friendly name associated with the user account by the [RP], such as "John
The <dfn>displayName</dfn> member contains the friendly name associated with the user account by the [RP], such as "John
P. Smith".

The <dfn>id</dfn> attribute contains an identifier for the account, specified by the [RP]. This is not meant to be displayed
The <dfn>id</dfn> member contains an identifier for the account, specified by the [RP]. This is not meant to be displayed
to the user. It is used by the [RP] to control the number of credentials - an authenticator will never contain more than one
credential for a given [RP] under the same {{Account/id}}.

The <dfn>name</dfn> attribute contains a detailed name for the account, such as "john.p.smith@example.com".
The <dfn>name</dfn> member contains a detailed name for the account, such as "john.p.smith@example.com".

The <dfn>imageURL</dfn> attribute contains a URL that resolves to the user's account image. This may be a URL that can be
The <dfn>imageURL</dfn> member contains a URL that resolves to the user's account image. This may be a URL that can be
used to retrieve an image containing the user's current avatar, or a data URI that contains the image data.
</div>
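Review bot: The <dfn>id</dfn> paragraph says an authenticator "will never contain more than one credential for a given [RP] under the same {{Account/id}}", but the {{accountInformation}} text in the first hunk says an authenticator "is only required to store one credential" and then describes an older credential that is merely no longer offered when {{AssertionOptions/allowList}} is not specified. These are different guarantees. Suggest settling on one wording and using it in both places, so an [RP] cannot read this paragraph as a promise that the older credential has been removed.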

Expand All @@ -632,9 +632,9 @@ authorizing an authenticator with which to complete the operation.
<div dfn-for="ScopedCredentialParameters">
This dictionary is used to supply additional parameters when creating a new credential.

The <dfn>type</dfn> attribute specifies the type of credential to be created.
The <dfn>type</dfn> member specifies the type of credential to be created.

The <dfn>algorithm</dfn> attribute specifies the cryptographic signature algorithm with which the newly generated credential
The <dfn>algorithm</dfn> member specifies the cryptographic signature algorithm with which the newly generated credential
will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.
</div>

Expand Down Expand Up @@ -763,7 +763,7 @@ user consent to a specific transaction. The structure of these signatures is def
- The optional <dfn>rpId</dfn> parameter specifies the rpId claimed by the caller. If it is omitted, it will be assumed to
be equal to the <a link-for='web'>current settings object</a>'s <a link-for='web'>origin</a>.

- The optional <dfn>allowList</dfn> attribute contains a list of credentials acceptable to the caller, in order of the
- The optional <dfn>allowList</dfn> member contains a list of credentials acceptable to the caller, in order of the
caller's preference.

- The optional <dfn>extensions</dfn> parameter contains additional parameters requesting additional processing by the client
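Review bot: In this list only the <dfn>allowList</dfn> bullet is switched to "member"; the neighbouring <dfn>rpId</dfn> and <dfn>extensions</dfn> bullets still say "parameter", although the algorithm text in this same commit refers to "the {{AssertionOptions/rpId}} member of {{options}}" and "the {{AssertionOptions/extensions}} member of {{options}}". Suggest changing those two bullets to "member" as well so the whole list uses one term.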
Expand Down Expand Up @@ -808,20 +808,20 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
</pre>

<div dfn-for="ClientData">
The <dfn>challenge</dfn> attribute contains the base64url encoding of the challenge provided by the RP.
The <dfn>challenge</dfn> member contains the base64url encoding of the challenge provided by the RP.

The <dfn>origin</dfn> attribute contains the fully qualified origin of the requester, as provided to the authenticator by
The <dfn>origin</dfn> member contains the fully qualified origin of the requester, as provided to the authenticator by
the client, in the syntax defined by [[RFC6454]].

The <dfn>hashAlg</dfn> attribute specifies the hash algorithm used to compute <a>clientDataHash</a>. Use "S256" for SHA-256,
The <dfn>hashAlg</dfn> member specifies the hash algorithm used to compute <a>clientDataHash</a>. Use "S256" for SHA-256,
"S384" for SHA384, "S512" for SHA512, and "SM3" for SM3 (see [[#iana-considerations]]). This algorithm is chosen by the
client at its sole discretion.

The <dfn>tokenBinding</dfn> attribute contains the base64url encoding of the Token Binding ID that this client uses for the
The <dfn>tokenBinding</dfn> member contains the base64url encoding of the Token Binding ID that this client uses for the
Token Binding protocol when communicating with the [RP]. This can be omitted if no Token Binding has been negotiated between
the client and the [RP].

The optional <dfn>extensions</dfn> attribute contains additional parameters generated by processing the extensions passed in
The optional <dfn>extensions</dfn> member contains additional parameters generated by processing the extensions passed in
by the [RP]. WebAuthn extensions are detailed in Section [[#extensions]].

This structure is used by the client to compute the following quantities:
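Review bot: The <dfn>challenge</dfn> line refers to "the RP" as plain text, while the <dfn>tokenBinding</dfn> and <dfn>extensions</dfn> paragraphs in the same block use the "[RP]" shorthand. Suggest "[RP]" on the challenge line too. While editing the <dfn>hashAlg</dfn> line, the names "SHA-256", "SHA384" and "SHA512" could also be hyphenated consistently.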
Expand Down Expand Up @@ -895,9 +895,9 @@ the {{makeCredential()}} or {{getAssertion()}} method. It mirrors the fields of
these methods.

<div dfn-for="ScopedCredentialDescriptor">
The <dfn>type</dfn> attribute contains the type of the credential the caller is referring to.
The <dfn>type</dfn> member contains the type of the credential the caller is referring to.

The <dfn>id</dfn> attribute contains the identifier of the credential that the caller is referring to.
The <dfn>id</dfn> member contains the identifier of the credential that the caller is referring to.
</div>

