Remove TokenBinding #1630

Merged
merged 4 commits into from
Jul 28, 2021

nicksteele
Contributor

@nicksteele nicksteele commented Jun 17, 2021

This addresses the issues #1627 and #1623 along with what we discussed in the bi-weekly meeting. All references to TokenBinding have been removed from the document and IDLs, although I would be open to leaving a partial reference with a DEPRECATED flair in the ClientDataJSON section for posterity.



@nadalin nadalin added this to the L3-WD-01 milestone Jun 30, 2021
@nicksteele
Contributor Author

Notes from call: Should mark TokenBinding as a reserved name within the ClientData

Contributor

@selfissued selfissued left a comment

Per the discussion on the 30-Jun-21 call, I believe that the existing Token Binding identifiers in the specification should be marked as reserved, probably saying that they were used in L1 and L2, and not simply removed.

index.bs Outdated
with the [=[RP]=]. Its absence indicates that the client doesn't support token binding.
with the [=[RP]=]. Its absence indicates that the client doesn't support token binding

Note: While [=Token Binding=] was present in Level 1 and Level 2 of WebAuthn, it should not be expected to be present or supported in future versions of the specification.
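
Review bot: The revised sentence ending in "doesn't support token binding" has lost the closing period that the previous version of the line carries; restore it so the paragraph ends cleanly before the Note. The Note itself only says Token Binding "should not be expected to be present or supported in future versions" and says nothing about what happens to the existing field name, so consider stating that the name stays reserved and will not be reused for another purpose.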
Contributor

Change "it should not be expected to be present or supported in future versions of the specification" to "its use is not expected in Level 3. The {{CollectedClientData/tokenBinding}} field is reserved so that it will not be reused for a different purpose."

Contributor

@selfissued selfissued left a comment

Please update the language about the tokenBinding field being reserved as suggested.

Contributor

@selfissued selfissued left a comment

Thanks for accepting my suggestions.

@nicksteele nicksteele merged commit a30f8e8 into main Jul 28, 2021
github-actions bot added a commit that referenced this pull request Jul 28, 2021
SHA: a30f8e8
Reason: push, by @nicksteele

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@emlun emlun deleted the remove-tokenbinding branch August 11, 2021 19:33