-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
public key cred - fixes #406 #432
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I double-checked https://api.csswg.org/bikeshed/?url=https://raw.githubusercontent.com/w3c/webauthn/jeffh-publicKeyCred-406/index.bs for any remaining uses of "scoped", and they all make sense after the rename.
index.bs
Outdated
:: The {{ScopedCredential}} [=interface object=]'s {{Credential/[[type]]}} [=internal slot=]'s value is the string | ||
"`scoped`". | ||
:: The {{PublicKeyCredential}} [=interface object=]'s {{Credential/[[type]]}} [=internal slot=]'s value is the string | ||
"`publickey`". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe https://w3ctag.github.io/design-principles/#casing-rules recommends "public-key" here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, it did seem to me that casing-rules can be interpreted to apply here, but it sorta seems an "internal slot" is only implicitly an enum. If up to me I'd use "publickey" rather than "public-key", but it's not a big deal. this was sort of an experiment to see if anyone would catch it :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
:) The only things that just concatenate lower-case words are events and HTML elements and attributes, and this definitely isn't one of those.
or length of this identifier, except that it must be sufficient for the platform to uniquely select a key. For example, | ||
an authenticator without on-board storage may create identifiers containing a [=credential private key=] wrapped with a | ||
symmetric key that is burned into the authenticator. | ||
:: This [=internal slot=] contains an identifier for the credential, chosen by the platform with help from the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the file is mostly wrapped to 130 characters. To avoid churn, maybe don't rewrap to less than that when you're not otherwise changing the paragraph?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vijaybh wrapped it to 128 chars when initially converting to BS format: https://lists.w3.org/Archives/Public/public-webauthn/2016Apr/0116.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
personally, I'd much prefer 80-char lines, but can live with it as-is.
Also, I tried hard-wrap+indent of header lines "#..." and BS complained so did not wrap them.
index.bs
Outdated
enum ScopedCredentialType { | ||
"scoped" | ||
enum PublicKeyCredentialType { | ||
"publickey" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably "public-key" per https://w3ctag.github.io/design-principles/#casing-rules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ja, shur, u betcha, see above.
index.bs
Outdated
This enumeration defines the valid credential types. It is an extension point; values may be added to it in the future, as | ||
more credential types are defined. The values of this enumeration are used for versioning the Authentication Assertion and | ||
attestation structures according to the type of the authenticator. | ||
|
||
Currently one credential type is defined, namely "<dfn>scoped</dfn>". | ||
Currently one credential type is defined, namely "<dfn>publickey</dfn>". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And here, so you don't have to re-find this use.
index.bs
Outdated
@@ -2443,7 +2466,7 @@ The entry key is the [=extension identifier=] and the value is the [=client exte | |||
|
|||
<pre class="example" highlight="js"> | |||
var assertionPromise = navigator.credentials.get({ | |||
scoped: { | |||
publickey: { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
publicKey
index.bs
Outdated
@@ -3060,11 +3086,11 @@ The sample code for generating and registering a new key follows: | |||
// prefers an ES256 credential. | |||
parameters: [ | |||
{ | |||
type: "scoped", | |||
type: "publickey", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
public-key
index.bs
Outdated
@@ -3076,7 +3102,7 @@ The sample code for generating and registering a new key follows: | |||
}; | |||
|
|||
// Note: The following call will cause the authenticator to display UI. | |||
navigator.credentials.create({ scoped }) | |||
navigator.credentials.create({ publickey }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
publicKey
index.bs
Outdated
|
||
var options = { | ||
challenge: new TextEncoder().encode("climb a mountain"), | ||
timeout: 60000, // 1 minute | ||
allowList: [{ type: "scoped" }] | ||
allowList: [{ type: "publickey" }] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
public-key
index.bs
Outdated
}; | ||
|
||
navigator.credentials.get({ "scoped": options }) | ||
navigator.credentials.get({ "publickey": options }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
publicKey
index.bs
Outdated
|
||
var encoder = new TextEncoder(); | ||
var acceptableCredential1 = { | ||
type: "scoped", | ||
type: "publickey", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm supportive of these changes; they compiled fine locally, and while I didn't re-read the whole spec, I did some grep-ing and checked over the algorithms.
I like just calling it a public key. 👍
I agree that we shouldn't re-wrap lines unless we're actually changing them to prevent unnecessary merge conflicts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Merge this one soon. The edits are so extensive that there are likely to be continual merge conflicts until this is in.
BTW, I'm not suggesting unwrapping any lines that were already re-wrapped by this set of edits. What's done is done. |
@selfissued said
fyi/fwiw: AFAIK simply re-hard-wrapping lines does not itself cause merge conflicts -- e.g. it did not when I merged master into this branch, nor when I've done prior line-wrapping cleanup in prior PRs. |
Ok folks -- given the three positive reviews so far, unless anyone objects by noon PT, I have it good authority that @selfissued is gonna merge this :) |
@selfissued @equalsJeffH I still need to review them. I may submit a formal objection later today. |
I really would like to hear from all the implementers on this one before it is just merged @jcjones and @AngeloKai |
@equalsJeffH My main concern with the change is that the new name, "PublicKeyCredentials", isn't easier to understand for web developers than the old name "ScopedCredential". The former implies the credential has a public/private key pair, which is a common concept found in every crypto API. The latter implies the credential is scoped to something, which most web dev immediately think of scoping to origin. I took an informal vote around my office full of web developers and none of them knows what either means. I am afraid we are tinkering without real feedbacks. |
My 2 cents is that the spec is SO complex that there is no way anyone is going to understand it enough to implement anything useful by skimming it. The developers at the very least will have to understand how to verify assertions. IMHO, that will be easier if they have the "asymmetric key" big picture rather than the "scoped to something" big picture. I support this change. |
"Scoped" will never survive TAG review because it doesn't distinguish this kind of credential from any other kind of web credential. PublicKey might not survive either, due to some of the other public-key-ish systems mentioned in #406 (comment), but it at least has a chance. We should get feedback on a name that has a chance, rather than getting feedback on one that doesn't. I'm not wedded to "PublicKey" if @AngeloKai has another suggestion, but we do need a concrete suggestion. |
@jyasskin @leshi How about DeviceBoundCredentials or AuthenticatorBoundCredentials? One of the biggest value add of the API is that credentials are now bound with the device, ensuring at least security boundary. Also, "scoped" already survived the TAG review: w3ctag/design-reviews#97 |
@AngeloKai In your informal vote, what did your coworkers think a device- or authenticator-bound credential would imply? What did they think a public-key credential would imply? IIUC, with self-attested keys, there's not actually a guarantee that the key is bound to the client? Whereas there is always a public/private key pair involved? (None of the ScopedCredential interface survived the first TAG review: they said to merge it into Credential Manager.) |
"DeviceBoundCredential" would be acceptable to me. I prefer "PublicKeyCredential" because it gives developers more hint about how they need to use the credential, and I don't think @AngeloKai has given an argument against it ("implies the credential has a public/private key pair" is correct), but "DeviceBound" does distinguish this from other kinds of credentials on the platform. |
I like publicKeyCredential (as it is more specific than ScopedCredential). Good to be merged. |
decision on the webauthn call today is to merge this for WD-05: |
…Info These were added in #1742, but none of these interfaces are in Chrome, Firefox or Safari, or appear in Chromium, Gecko or WebKit source code. (There are matches in Gecko and WebKit, but for internal things, not web-exposed interfaces.) `AuthenticationAssertion` was renamed to `AuthenticatorAssertionResponse` in w3c/webauthn#397. `ScopedCredential` was renamed to `PublicKeyCredential` in w3c/webauthn#432. `ScopedCredentialInfo` was renamed to `AuthenticatorResponse` in w3c/webauthn#397. All of the new names are already in BCD.
…Info (#9398) These were added in #1742, but none of these interfaces are in Chrome, Firefox or Safari, or appear in Chromium, Gecko or WebKit source code. (There are matches in Gecko and WebKit, but for internal things, not web-exposed interfaces.) `AuthenticationAssertion` was renamed to `AuthenticatorAssertionResponse` in w3c/webauthn#397. `ScopedCredential` was renamed to `PublicKeyCredential` in w3c/webauthn#432. `ScopedCredentialInfo` was renamed to `AuthenticatorResponse` in w3c/webauthn#397. All of the new names are already in BCD.
"scoped cred" -> "public key cred" - fixes #406
whatchay'all think?
/cc @mikewest