diff --git a/images/fido-attestation-structures.svg b/images/fido-attestation-structures.svg
index 3f61352d5..cbe44f395 100644
--- a/images/fido-attestation-structures.svg
+++ b/images/fido-attestation-structures.svg
@@ -1,795 +1,129 @@
-
-image/svg+xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ATTESTATION OBJECT
-
-
-
- “authData “: ...
- “fmt“: “packed“ “attStmt “: ...
-
-
-
-
-
-
- variable length if present (CBOR) AUTHENTICATOR DATA
-AAGUID
-L CREDENTIAL ID
-CREDENTIAL PUBLIC KEY
-variable length (COSE_Key) L bytes (variable length) 2 bytes 16 bytes RP ID HASH FLAGS COUNTER ATTESTED CRED. DATA EXTENSIONS 32 bytes 1 byte4 bytes (big-endian uint32) variable length UV UP 0 7 ED AT 0BS BE 0
-Rechteck.3 “sig“: ... “sig“: ...
-
-Rechteck.5 “alg“: ... “alg“ : ...
-
-Rechteck.6 “x5c“: ... “x5c“: ...
-
- ATTESTATION STATEMENT(in "packed" attestation statement format) [Other attestation statement formats are as defined in their respective sections below]
+
+
+ ATTESTATION OBJECT
+
+
+ “authData “: ...
+
+
+
+
+ “fmt“: “packed“
+
+
+
+ “attStmt “: ...
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ variable length if present (CBOR)
+ AUTHENTICATOR DATA
+
+ AAGUID
+
+
+ L
+
+ CREDENTIAL ID
+ CREDENTIAL PUBLIC KEY
+
+ variable length (COSE_Key)
+ L bytes (variable length)
+ 2 bytes
+ 16 bytes
+
+
+
+
+
+
+
+
+
+
+
+
+
+ RP ID HASH
+ FLAGS
+ COUNTER
+ ATTESTED CRED. DATA
+ EXTENSIONS
+ 32 bytes
+ 1 byte
+ 4 bytes (big-endian uint32)
+ variable length
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ UV
+ UP
+ 0
+ 7
+ ED
+ AT
+ 0
+ BS
+ BE
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ “sig“: ...
+
+
+
+ “alg“ : ...
+
+
+
+ “x5c“: ...
+
+
+
+ ATTESTATION STATEMENT
+ (in "packed" attestation statement format)
+
+
+
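Review bot: The bracketed note from the old ATTESTATION STATEMENT label, `[Other attestation statement formats are as defined in their respective sections below]`, is missing from the new file, whose text ends at `(in "packed" attestation statement format)`. Without it the diagram can be read as if `sig`, `alg` and `x5c` were the attestation statement layout in general rather than the packed format's. If the removal is deliberate, move that sentence into the figure caption in index.bs, which does not mention other formats; otherwise restore the text element. The stray spaces inside the quotes in `“authData “` and `“attStmt “`, and before the colon in `“alg“ :`, are carried over unchanged and could be cleaned up in the same pass.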
diff --git a/images/fido-signature-formats-figure1.svg b/images/fido-signature-formats-figure1.svg
index 1b15f56be..f369fc4db 100644
--- a/images/fido-signature-formats-figure1.svg
+++ b/images/fido-signature-formats-figure1.svg
@@ -1,479 +1,80 @@
-
-
-
-image/svg+xml authenticatorData Layer 1 RP ID HASH
-FLAGS
-0
-BS
-BE
-AT
-
-ED
-UP
-COUNTER
-ATTESTED CRED. DATA
-
-EXTENSIONS
-32 bytes
-
-
-1 byte
-
-
-
-
-4 bytes (big-endian uint32)
-
-
-variable length if present
-
-
-
-
-
-
-variable length if present (CBOR)
-7
-UV
-0
-0
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ RP ID HASH
+
+ FLAGS
+ 0
+ BS
+ BE
+ AT
+ ED
+ UP
+
+ COUNTER
+
+
+ ATTESTED CRED. DATA
+
+ EXTENSIONS
+ 32 bytes
+
+
+
+
+
+
+ 1 byte
+
+ 4 bytes (big-endian uint32)
+
+ variable length if present
+ variable length if present (CBOR)
+ 7
+ UV
+ 0
+ 0
+
+
+
+
\ No newline at end of file
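Review bot: The `authenticatorData` text on the first removed text line has no counterpart on the added side, so if it was the SVG's title element, the figure no longer carries its own name when it is opened or embedded outside the spec; consider keeping a title. The same applies to `Authentication WebAuthn` in webauthn-authentication-flow-01.svg. Also, the new file ends with `\ No newline at end of file`, as do the four SVGs that follow, while fido-attestation-structures.svg does not; add the trailing newline so the six files are consistent.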
diff --git a/images/fido-signature-formats-figure2.svg b/images/fido-signature-formats-figure2.svg
index 23049600c..c5e53ef29 100644
--- a/images/fido-signature-formats-figure2.svg
+++ b/images/fido-signature-formats-figure2.svg
@@ -1,286 +1,43 @@
-
-
-
- Produced by OmniGraffle 6.2.5 2015-08-20 23:19:13 +0000
-
-
- image/svg+xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- authenticatorData
-
-
-
- clientDataHash
-
-
- Generated by authenticator
-
-
- Received from client
-
-
-
-
- ||
-
-
-
-
-
- ASSERTION SIGNATURE
-
-
-
- Sign
-
-
-
-
-
- Private key
-
-
-
+
+
+
+
+
+
+
+
+ authenticatorData
+
+
+
+ clientDataHash
+
+
+ Generated by authenticator
+
+
+ Received from client
+
+
+
+
+ ||
+
+
+
+
+
+ ASSERTION SIGNATURE
+
+
+
+ Sign
+
+
+
+
+
+ Private key
+
+
+
\ No newline at end of file
diff --git a/images/string-truncation.svg b/images/string-truncation.svg
index 54197159a..16bc2ec34 100644
--- a/images/string-truncation.svg
+++ b/images/string-truncation.svg
@@ -1,326 +1,27 @@
-
-
-
-
-
-
-
-
-
- image/svg+xml
-
-
-
-
-
-
- 61 67 cc 88
-
-
-
-
- Codepoints
- Grapheme clusters
-
-
-
- [63]
- [64]
- [62]
- [61]
-
-
-
-
- Bytes
- UTF-8 codepoints
- Grapheme clusters
- Truncation points
- Suffix at given point
- ag̈
- (error)
- ag
- a
-
-
+
+
+ 61 67 cc 88
+
+
+ Codepoints
+ Grapheme clusters
+
+
+
+ [63]
+ [64]
+ [62]
+ [61]
+
+
+ Bytes
+ UTF-8 codepoints
+ Grapheme clusters
+ Truncation points
+ Suffix at given point
+ ag̈
+ (error)
+ ag
+ a
+
+
\ No newline at end of file
diff --git a/images/webauthn-authentication-flow-01.svg b/images/webauthn-authentication-flow-01.svg
index cb633bfa5..01c3731b8 100644
--- a/images/webauthn-authentication-flow-01.svg
+++ b/images/webauthn-authentication-flow-01.svg
@@ -1,858 +1,123 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Produced by OmniGraffle 7.7.1
- 2018-06-26 16:26:03 +0000
-
-
- image/svg+xml
-
-
-
-
-
-
- Authentication WebAuthn
-
- Layer 1
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
+
+
-
-
-
-
-
+
+
+
-
-
+
+
-
-
-
-
-
-
-
-
- Relying Party Server
-
-
-
-
-
-
- Authenticator
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- challenge
-
-
-
-
- relying party id,
- clientDataHash
-
-
-
-
- authenticatorData
- signature
-
-
-
-
- clientDataJSON,
- authenticatorData,
- signature
-
-
-
-
-
-
- 1
-
-
-
-
-
-
- 2
-
-
-
-
-
-
- 5
-
-
-
-
-
-
- 4
-
-
-
-
-
-
- 3
-
-
-
-
- user verification,
- create assertion
-
-
-
-
-
-
- Browser
-
-
-
-
-
-
- RP JavaScript Application
-
-
-
-
-
-
- 6
-
-
-
-
-
-
- 0
-
-
-
-
- server validation
-
-
-
-
- AuthenticatorAssertionResponse
-
-
-
-
- PublicKeyCredentialRequestOptions
-
-
-
-
- WebAuthnAPI
-
-
-
-
+
+
+
+
+ Relying Party Server
+
+
+
+
+ Authenticator
+
+
+
+
+
+
+ challenge
+
+
+ relying party id,
+ clientDataHash
+
+
+ authenticatorData
+ signature
+
+
+ clientDataJSON,
+ authenticatorData,
+ signature
+
+
+
+
+ 1
+
+
+
+
+ 2
+
+
+
+
+ 5
+
+
+
+
+ 4
+
+
+
+
+ 3
+
+
+ user verification,
+ create assertion
+
+
+
+
+ Browser
+
+
+
+
+ RP JavaScript Application
+
+
+
+
+ 6
+
+
+
+
+ 0
+
+
+ server validation
+
+
+ AuthenticatorAssertionResponse
+
+
+ PublicKeyCredentialRequestOptions
+
+
+ WebAuthnAPI
+
+
+
-
-
+
\ No newline at end of file
diff --git a/images/webauthn-registration-flow-01.svg b/images/webauthn-registration-flow-01.svg
index e9ca9e8b0..3d197f8c8 100644
--- a/images/webauthn-registration-flow-01.svg
+++ b/images/webauthn-registration-flow-01.svg
@@ -1,877 +1,132 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Produced by OmniGraffle 7.7.1
- 2018-06-26 16:26:03 +0000
-
-
- image/svg+xml
-
-
-
-
-
-
- Layer 1
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Relying Party Server
-
-
-
-
-
-
- Authenticator
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- challenge,
- user info,
- relying party info
-
-
-
-
- relying party id
- ,
- user info,
- relying party info,
- clientDataHash
-
-
-
-
- new public key,
- credential id,
- attestation
-
-
-
-
- clientDataJSON,
- attestationObject
-
-
-
-
-
-
- 1
-
-
-
-
-
-
- 2
-
-
-
-
-
-
- 5
-
-
-
-
-
-
- 4
-
-
-
-
-
-
- 3
-
-
-
-
- user verification,
- new keypair,
- attestation
-
-
-
-
- attestationObject
-
-
-
-
-
-
- Browser
-
-
-
-
-
-
- RP JavaScript Application
-
-
-
-
-
-
- 6
-
-
-
-
-
-
- 0
-
-
-
-
- server validation
-
-
-
-
- AuthenticatorAttestationResponse
-
-
-
-
-
- PublicKeyCredentialCreationOptions
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Relying Party Server
+
+
+
+
+ Authenticator
+
+
+
+
+
+
+ challenge,
+ user info,
+ relying party info
+
+
+ relying party id
+ ,
+ user info,
+ relying party info,
+ clientDataHash
+
+
+ new public key,
+ credential id,
+ attestation
+
+
+ clientDataJSON,
+ attestationObject
+
+
+
+
+ 1
+
+
+
+
+ 2
+
+
+
+
+ 5
+
+
+
+
+ 4
+
+
+
+
+ 3
+
+
+ user verification,
+ new keypair,
+ attestation
+
+
+ attestationObject
+
+
+
+
+ Browser
+
+
+
+
+ RP JavaScript Application
+
+
+
+
+ 6
+
+
+
+
+ 0
+
+
+ server validation
+
+
+ AuthenticatorAttestationResponse
+
+
+
+ PublicKeyCredentialCreationOptions
+
+
+
\ No newline at end of file
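Review bot: In the label that lists `relying party id`, `user info,`, `relying party info,` and `clientDataHash`, the first comma is still a separate text run: `relying party id` is followed by a line holding only `,`, carried over from the old file. webauthn-authentication-flow-01.svg keeps `relying party id,` in a single run. Merge the comma into the preceding run here as well, so the two flow diagrams are built the same way and the comma cannot be positioned or wrapped apart from its label.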
diff --git a/index.bs b/index.bs
index 40a4ab6e8..9b9c425f6 100644
--- a/index.bs
+++ b/index.bs
@@ -128,16 +128,6 @@ figure.table .overlarge {
}
-
-
-
-spec: dom; type: interface; for:/; text: Document
-
-
-
-
-
-
@@ -304,6 +294,7 @@ spec: BCP47; urlPrefix: https://tools.ietf.org/html/bcp47
spec:credential-management; type:dfn; text:credentials
+spec:dom; type:dfn; for:/; text:document
spec:html; type:dfn; for:environment settings object; text:global object
spec:html; type:dfn; for:/; text:same site
spec:infra; type:dfn; for:/; text:set
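Review bot: The added `spec:dom; type:dfn; for:/; text:document` is not a like-for-like move of the entry removed in the previous hunk, `spec: dom; type: interface; for:/; text: Document`: the type changes from interface to dfn and the term from `Document` to `document`. Check that nothing in index.bs still links to the `Document` interface and relied on the removed default, and mention this change in the commit message, since it is independent of the SVG changes in the rest of the patch.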
@@ -1472,7 +1463,7 @@ browser to create a new credential for future use by the [=[RP]=]. See
-
+
Registration Flow
@@ -1482,7 +1473,7 @@ Scripts can also request the user’s permission to perform
-
+
Authentication Flow
@@ -4799,7 +4790,7 @@ the requested [=public key credential|credential=] is [=scoped=] to exactly matc
Figure shows a visual representation of the [=authenticator data=] structure.
-
+
[=Authenticator data=] layout.
@@ -5389,7 +5380,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
client data=] (which potentially has a variable length) is always the last element.
-
+
Generating an [=assertion signature=].
@@ -5501,7 +5492,7 @@ Since that leaves a partial UTF-8 code point, the remainder of that code point m
Since that leaves a partial [=grapheme cluster=], the remainder of that cluster should also be removed.
-
+
The end of a UTF-8 encoded string showing the positions of different truncation boundaries.
@@ -5582,7 +5573,7 @@ for the [=[RP]=] to base a trust decision on.
In these cases, the [=authenticator=] provides no guarantees about its operation to the [=[RP]=].
-
+
[=Attestation object=] layout illustrating the included [=authenticator data=] (containing [=attested credential
data=]) and the [=attestation statement=].