Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move state updates to last in RP verification steps #1807

Merged
merged 2 commits into from
Oct 5, 2022
Merged

Move state updates to last in RP verification steps #1807

merged 2 commits into from
Oct 5, 2022

Conversation

emlun
Copy link
Member

@emlun emlun commented Sep 22, 2022
edited by pr-preview bot
Loading

This relates to (but does not fix) issue #1711, and will be useful for applying the new "credential record" (see #1773) abstraction to PR #1663. The stored state should be updated only after performing all validation and verification steps.

This also changes the definition type (and therefore autolink syntax) for the credential record struct members from dfn to abstract-op. This will help avoid conflicts with existing definitions, including [=scope=], as we introduce a struct for devicePubKey records as well.

Preview | Diff

@emlun
Change definition type of credential record items to abstract-op
2ccb9f8 
This will help avoid conflicts with existing definitions, including [=scope=],
as we introduce a struct for devicePubKey records as well.
@emlun
Move state updates to last in in RP verification steps
05fe54d 
The state should be updated only after verifying the signature. This change will
be useful for the devicePubKey branch.
@emlun emlun added this to the L3-WD-01 milestone Sep 22, 2022
@emlun emlun self-assigned this Sep 22, 2022
@emlun
Copy link
Member Author

emlun commented Sep 23, 2022

(You can also see a sneak peek of the draft for devicePubKey records here: jeffh-fix-1658-device-bound-key-extension...emlun:webauthn:dpk-credential-record#diff-5e793325cd2bfc452e268a4aa2f02b4024dd9584bd1db3c2595f61f1ecf7b985R7079)

Firstyear
Firstyear approved these changes Sep 26, 2022
View reviewed changes
Copy link
Contributor

@Firstyear Firstyear left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good, makes sense to me.

@emlun emlun changed the title Move state updates to last in in RP verification steps Move state updates to last in RP verification steps Sep 26, 2022
MasterKale
MasterKale reviewed Oct 4, 2022
View reviewed changes
index.bs
:: The value returned from <code>|response|.{{AuthenticatorAttestationResponse/getTransports()}}</code>.

: [=credential record/BE=]
: [$credential record/BE$]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason not to make this a bit more readable and call the column backupEligible instead? It'll save people a click who don't know to equate "BE" to the flag's full name.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, thanks! But unrelated to this change, so let's tackle that in issue #1811.

MasterKale
MasterKale reviewed Oct 4, 2022
View reviewed changes
index.bs
:: The value of the [=authData/flags/BE=] [=flag=] in |authData|.

: [=credential record/BS=]
: [$credential record/BS$]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason not to make this a bit more readable and call the column backupStatus instead? It'll save people a click who don't know to equate "BS" to the flag's full name.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, thanks! But unrelated to this change, so let's tackle that in issue #1811.

@emlun emlun mentioned this pull request Oct 5, 2022
Closed
timcappalli
timcappalli approved these changes Oct 5, 2022
View reviewed changes
Copy link
Member

@timcappalli timcappalli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@emlun
Copy link
Member Author

emlun commented Oct 5, 2022

@MasterKale I'll consider your current comments resolved, but you're welcome to add any more comments either here (even after merging) or in #1811.

@emlun emlun merged commit d5873cf into main Oct 5, 2022
@emlun emlun deleted the verify-assertion-update-order branch October 5, 2022 20:00
github-actions bot added a commit that referenced this pull request Oct 5, 2022
@emlun @github-actions
Merge pull request #1807 from w3c/verify-assertion-update-order
451ade8 
SHA: d5873cf
Reason: push, by @emlun

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This was referenced Oct 5, 2022
Merged
Merged
@emlun emlun mentioned this pull request Mar 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MasterKale MasterKale MasterKale left review comments

@agl agl agl approved these changes

@Firstyear Firstyear Firstyear approved these changes

@timcappalli timcappalli timcappalli approved these changes

Assignees

@emlun emlun

Labels
type:editorial
Projects
None yet
Milestone
L3-WD-01
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@emlun @agl @Firstyear @MasterKale @timcappalli