From 7f2486f967a55f514dcbd1b5d950d6d27711256b Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 Jan 2025 14:55:21 +0100 Subject: [PATCH 1/2] Link related privacy consideration section alongside client capabilities --- index.bs | 1 + 1 file changed, 1 insertion(+) diff --git a/index.bs b/index.bs index 651ea7dec..f21ad70f1 100644 --- a/index.bs +++ b/index.bs @@ -9893,6 +9893,7 @@ This section contains the substantive changes that have been made to this specif - Conditional mediation for create: [[#sctn-createCredential]] - Conditional mediation for get: [[#sctn-getAssertion]] - [[#sctn-getClientCapabilities]] + - [[#sctn-disclosing-client-capabilities]] - [[#sctn-signal-methods]] - New [=client data=] attribute {{CollectedClientData/topOrigin}}: [[#dictionary-client-data]] - [[#enum-hints]] From de3d11a2890e19ba86c55187ec09ebfe5c27a7d5 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Wed, 15 Jan 2025 14:56:00 +0100 Subject: [PATCH 2/2] Add (some) changes, deprecations and editorial changes to L3 revision history --- index.bs | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index f21ad70f1..40874b6d7 100644 --- a/index.bs +++ b/index.bs @@ -9883,6 +9883,28 @@ This section contains the substantive changes that have been made to this specif ## Changes since Web Authentication Level 2 [[webauthn-2-20210408]] ## {#changes-since-l2} +### Substantive Changes ### {#changes-l3-substantive} + +The following changes were made to the [=Web Authentication API=] and the way it operates. + +Changes: + +- Updated timeout guidance: [[#sctn-timeout-recommended-range]] +- `uvm` extension no longer included; see instead L2 [[webauthn-2-20210408]] +- [=authData/attestedCredentialData/aaguid=] in [=attested credential data=] is no longer zeroed + when {{PublicKeyCredentialCreationOptions/attestation}} preference is {{AttestationConveyancePreference/none}}: [[#sctn-createCredential]] + + +Deprecations: + +- Registration parameter + {{CredentialCreationOptions/publicKey}}.{{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialEntity/name}}: + [[#dictionary-pkcredentialentity]] +- [[#sctn-android-safetynet-attestation]] + + +New features: + - New JSON (de)serialization methods: - {{PublicKeyCredential/toJSON()}} method in [[#iface-pkcredential]] - [[#sctn-parseCreationOptionsFromJSON]] @@ -9894,6 +9916,7 @@ This section contains the substantive changes that have been made to this specif - Conditional mediation for get: [[#sctn-getAssertion]] - [[#sctn-getClientCapabilities]] - [[#sctn-disclosing-client-capabilities]] +- New enum value {{AuthenticatorTransport/hybrid}} in [[#enum-transport]]. - [[#sctn-signal-methods]] - New [=client data=] attribute {{CollectedClientData/topOrigin}}: [[#dictionary-client-data]] - [[#enum-hints]] @@ -9904,7 +9927,23 @@ This section contains the substantive changes that have been made to this specif - [[#sctn-automation-set-credential-properties]] - [[#sctn-compound-attestation]] - [[#prf-extension]] -- Updated timeout guidance: [[#sctn-timeout-recommended-range]] + + +### Editorial Changes ### {#changes-l3-editorial} + +The following changes were made to improve clarity, readability, navigability and similar aspects of the document. + +- Updated [[#sctn-use-cases]] to reflect developments in deployment landscape. +- Introduced [=credential record=] concept to formalize what data [=[RPS]=] need to store + and how it relates between [=registration ceremony|registration=] and [=authentication ceremonies=]. +- Clarified error conditions: + - [[#sctn-create-request-exceptions]] + - [[#sctn-get-request-exceptions]] +- [[#sctn-strings]] split into subsections [[#sctn-strings-truncation-client]] and [[#sctn-strings-truncation-authenticator]] + to clarify division of responsibilities. +- Added [[#sctn-test-vectors]]. +- Moved normative language outside of "note" blocks. + 
 {