public key cred - fixes #406 #432
Conversation
equalsJeffH
requested review from
jyasskin,
jcjones,
leshi,
AngeloKai,
selfissued and
vijaybh
There was a problem hiding this comment.
I double-checked https://api.csswg.org/bikeshed/?url=https://raw.githubusercontent.com/w3c/webauthn/jeffh-publicKeyCred-406/index.bs for any remaining uses of "scoped", and they all make sense after the rename.
index.bs
Outdated
| :: The {{ScopedCredential}} [=interface object=]'s {{Credential/[[type]]}} [=internal slot=]'s value is the string | ||
| "`scoped`". | ||
| :: The {{PublicKeyCredential}} [=interface object=]'s {{Credential/[[type]]}} [=internal slot=]'s value is the string | ||
| "`publickey`". |
There was a problem hiding this comment.
I believe https://w3ctag.github.io/design-principles/#casing-rules recommends "public-key" here.
There was a problem hiding this comment.
yeah, it did seem to me that casing-rules can be interpreted to apply here, but it sorta seems an "internal slot" is only implicitly an enum. If up to me I'd use "publickey" rather than "public-key", but it's not a big deal. this was sort of an experiment to see if anyone would catch it :)
There was a problem hiding this comment.
:) The only things that just concatenate lower-case words are events and HTML elements and attributes, and this definitely isn't one of those.
| or length of this identifier, except that it must be sufficient for the platform to uniquely select a key. For example, | ||
| an authenticator without on-board storage may create identifiers containing a [=credential private key=] wrapped with a | ||
| symmetric key that is burned into the authenticator. | ||
| :: This [=internal slot=] contains an identifier for the credential, chosen by the platform with help from the |
There was a problem hiding this comment.
I think the file is mostly wrapped to 130 characters. To avoid churn, maybe don't rewrap to less than that when you're not otherwise changing the paragraph?
There was a problem hiding this comment.
@vijaybh wrapped it to 128 chars when initially converting to BS format: https://lists.w3.org/Archives/Public/public-webauthn/2016Apr/0116.html
There was a problem hiding this comment.
personally, I'd much prefer 80-char lines, but can live with it as-is.
Also, I tried hard-wrap+indent of header lines "#..." and BS complained so did not wrap them.
index.bs
Outdated
| enum ScopedCredentialType { | ||
| "scoped" | ||
| enum PublicKeyCredentialType { | ||
| "publickey" |
There was a problem hiding this comment.
Probably "public-key" per https://w3ctag.github.io/design-principles/#casing-rules.
There was a problem hiding this comment.
ja, shur, u betcha, see above.
index.bs
Outdated
| This enumeration defines the valid credential types. It is an extension point; values may be added to it in the future, as | ||
| more credential types are defined. The values of this enumeration are used for versioning the Authentication Assertion and | ||
| attestation structures according to the type of the authenticator. | ||
|
|
||
| Currently one credential type is defined, namely "<dfn>scoped</dfn>". | ||
| Currently one credential type is defined, namely "<dfn>publickey</dfn>". |
There was a problem hiding this comment.
And here, so you don't have to re-find this use.
index.bs
Outdated
| @@ -2443,7 +2466,7 @@ The entry key is the [=extension identifier=] and the value is the [=client exte | |||
|
|
|||
| <pre class="example" highlight="js"> | |||
| var assertionPromise = navigator.credentials.get({ | |||
| scoped: { | |||
| publickey: { | |||
index.bs
Outdated
| @@ -3060,11 +3086,11 @@ The sample code for generating and registering a new key follows: | |||
| // prefers an ES256 credential. | |||
| parameters: [ | |||
| { | |||
| type: "scoped", | |||
| type: "publickey", | |||
index.bs
Outdated
| @@ -3076,7 +3102,7 @@ The sample code for generating and registering a new key follows: | |||
| }; | |||
|
|
|||
| // Note: The following call will cause the authenticator to display UI. | |||
| navigator.credentials.create({ scoped }) | |||
| navigator.credentials.create({ publickey }) | |||
index.bs
Outdated
|
|
||
| var options = { | ||
| challenge: new TextEncoder().encode("climb a mountain"), | ||
| timeout: 60000, // 1 minute | ||
| allowList: [{ type: "scoped" }] | ||
| allowList: [{ type: "publickey" }] |
index.bs
Outdated
| }; | ||
|
|
||
| navigator.credentials.get({ "scoped": options }) | ||
| navigator.credentials.get({ "publickey": options }) |
index.bs
Outdated
|
|
||
| var encoder = new TextEncoder(); | ||
| var acceptableCredential1 = { | ||
| type: "scoped", | ||
| type: "publickey", |
|
I agree that we shouldn't re-wrap lines unless we're actually changing them to prevent unnecessary merge conflicts. |
|
BTW, I'm not suggesting unwrapping any lines that were already re-wrapped by this set of edits. What's done is done. |
|
@selfissued said
fyi/fwiw: AFAIK simply re-hard-wrapping lines does not itself cause merge conflicts -- e.g. it did not when I merged master into this branch, nor when I've done prior line-wrapping cleanup in prior PRs. |
|
Ok folks -- given the three positive reviews so far, unless anyone objects by noon PT, I have it good authority that @selfissued is gonna merge this :) |
|
@selfissued @equalsJeffH I still need to review them. I may submit a formal objection later today. |
|
I really would like to hear from all the implementers on this one before it is just merged @jcjones and @AngeloKai |
|
@equalsJeffH My main concern with the change is that the new name, "PublicKeyCredentials", isn't easier to understand for web developers than the old name "ScopedCredential". The former implies the credential has a public/private key pair, which is a common concept found in every crypto API. The latter implies the credential is scoped to something, which most web dev immediately think of scoping to origin. I took an informal vote around my office full of web developers and none of them knows what either means. I am afraid we are tinkering without real feedbacks. |
|
My 2 cents is that the spec is SO complex that there is no way anyone is going to understand it enough to implement anything useful by skimming it. The developers at the very least will have to understand how to verify assertions. IMHO, that will be easier if they have the "asymmetric key" big picture rather than the "scoped to something" big picture. I support this change. |
|
"Scoped" will never survive TAG review because it doesn't distinguish this kind of credential from any other kind of web credential. PublicKey might not survive either, due to some of the other public-key-ish systems mentioned in #406 (comment), but it at least has a chance. We should get feedback on a name that has a chance, rather than getting feedback on one that doesn't. I'm not wedded to "PublicKey" if @AngeloKai has another suggestion, but we do need a concrete suggestion. |
|
@jyasskin @leshi How about DeviceBoundCredentials or AuthenticatorBoundCredentials? One of the biggest value add of the API is that credentials are now bound with the device, ensuring at least security boundary. Also, "scoped" already survived the TAG review: w3ctag/design-reviews#97 |
|
@AngeloKai In your informal vote, what did your coworkers think a device- or authenticator-bound credential would imply? What did they think a public-key credential would imply? IIUC, with self-attested keys, there's not actually a guarantee that the key is bound to the client? Whereas there is always a public/private key pair involved? (None of the ScopedCredential interface survived the first TAG review: they said to merge it into Credential Manager.) |
|
"DeviceBoundCredential" would be acceptable to me. I prefer "PublicKeyCredential" because it gives developers more hint about how they need to use the credential, and I don't think @AngeloKai has given an argument against it ("implies the credential has a public/private key pair" is correct), but "DeviceBound" does distinguish this from other kinds of credentials on the platform. |
|
I like publicKeyCredential (as it is more specific than ScopedCredential). Good to be merged. |
|
decision on the webauthn call today is to merge this for WD-05: |
…Info These were added in #1742, but none of these interfaces are in Chrome, Firefox or Safari, or appear in Chromium, Gecko or WebKit source code. (There are matches in Gecko and WebKit, but for internal things, not web-exposed interfaces.) `AuthenticationAssertion` was renamed to `AuthenticatorAssertionResponse` in w3c/webauthn#397. `ScopedCredential` was renamed to `PublicKeyCredential` in w3c/webauthn#432. `ScopedCredentialInfo` was renamed to `AuthenticatorResponse` in w3c/webauthn#397. All of the new names are already in BCD.
…Info (#9398) These were added in #1742, but none of these interfaces are in Chrome, Firefox or Safari, or appear in Chromium, Gecko or WebKit source code. (There are matches in Gecko and WebKit, but for internal things, not web-exposed interfaces.) `AuthenticationAssertion` was renamed to `AuthenticatorAssertionResponse` in w3c/webauthn#397. `ScopedCredential` was renamed to `PublicKeyCredential` in w3c/webauthn#432. `ScopedCredentialInfo` was renamed to `AuthenticatorResponse` in w3c/webauthn#397. All of the new names are already in BCD.
"scoped cred" -> "public key cred" - fixes #406
whatchay'all think?
/cc @mikewest