From 3d119ce0e461ff35de62700c77586dc4c4879f79 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 1 Jul 2024 15:25:54 +1000 Subject: [PATCH 01/20] Use credential type registry for permissions --- index.bs | 57 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/index.bs b/index.bs index f803ea6..6bf6dc9 100644 --- a/index.bs +++ b/index.bs @@ -98,20 +98,15 @@ spec:css-syntax-3; 
 {
-  "FEDCM": {
-    "authors": [ "Sam Goto" ],
-    "href": "https://fedidcg.github.io/FedCM/",
-    "title": "FedCM API"
-  },
   "WEB-LOGIN": {
     "authors": [ "Jason Denizac", "Robin Berjon", "Anne van Kesteren" ],
     "href": "https://github.com/jden/web-login",
     "title": "web-login"
   },
-  "WEB-OTP": {
-    "authors": [ "Sam Goto" ],
-    "href": "https://wicg.github.io/web-otp/",
-    "title": "WebOTP API"
+  "DIGITAL-CREDENTIALS": {
+    "authors": [ "Marcos Cáceres", "Sam Goto" ],
+    "href": "https://wicg.github.io/digital-credentials/",
+    "title": "Digital Credentials"
   }
 }
@@ -325,14 +320,24 @@ spec:css-syntax-3; (in alphabetical order) Options Member Identifier Appropriate Interface Object + Corresponding Permissions Policy Specification Requestor Contact + + digital-credential + digital + {{DigitalCredential}} + digital-credentials-get + [[DIGITAL-CREDENTIALS]] + WICG + federated federated {{FederatedCredential}} + null This specification: [[#federated]] W3C @@ -340,6 +345,7 @@ spec:css-syntax-3; identity identity {{IdentityCredential}} + [=identity-credentials-get=] [[FEDCM]] W3C @@ -347,6 +353,7 @@ spec:css-syntax-3; otp otp {{OTPCredential}} + otp-credentials [[WEB-OTP]] WICG @@ -354,6 +361,7 @@ spec:css-syntax-3; password password {{PasswordCredential}} + null This specification: [[#passwords]] W3C @@ -361,6 +369,7 @@ spec:css-syntax-3; public-key publicKey {{PublicKeyCredential}} + [=publickey-credentials-get-feature|publickey-credentials-get=] [[WEBAUTHN]] W3C @@ -382,6 +391,9 @@ spec:css-syntax-3; * Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the [=credential type registry/credential type=]. + * Each registry entry may state the [=credential type registry/Corresponding Permissions Policy=] [=permission=] for the + [=credential type registry/credential type=]. + * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. @@ -950,8 +962,10 @@ spec:css-syntax-3; 1. Assert: |settings| is a [=secure context=]. - 1. If |settings|'s [=relevant global object=]'s [=associated Document=] is not [=Document/fully active=], - then return [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. + 1. Let |document| be |settings|'s [=relevant global object=]'s [=associated Document=]. + + 1. If |document| is not [=Document/fully active=], then return [=a promise rejected with=] + "{{NotAllowedError}}" {{DOMException}}. 1. If |options|.{{CredentialRequestOptions/signal}} is [=AbortSignal/aborted=], then return [=a promise rejected with=] @@ -965,8 +979,6 @@ spec:css-syntax-3; 1. If |interface| does not support {{CredentialMediationRequirement/conditional}} [=user mediation=], return [=a promise rejected with=] a "{{TypeError}}" {{DOMException}}. - 1. Let |p| be [=a new promise=]. - 1. For each |interface| in |options|' relevant credential interface objects: 1. If |settings|' [=active credential types=] [=set/contains=] |interface|'s @@ -983,21 +995,14 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its ancestors=], and `false` otherwise. - 1. If |options|[{{CredentialRequestOptions/identity}}] [=map/exists=] and - if |settings|' [=relevant global object=]'s [=associated Document=] is **not** - [=allowed to use=] the [=identity-credentials-get=] - [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" - {{DOMException}}. + 1. For each |permission| in |options|' [=credential type registry/Corresponding Permissions Policy=]: - 1. If |options|[{{CredentialRequestOptions/publicKey}}] [=map/exists=] and - if |settings|' [=relevant global object=]'s [=associated Document=] is **not** - [=allowed to use=] the [=publickey-credentials-get-feature|publickey-credentials-get=] - [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" - {{DOMException}}. + 1. If |permission| is null, continue. - Note: `password` and `federated` - [=credential type registry/credential types=] are not presently treated as - [=policy-controlled features=], although this may change in the future. + 1. If |document| is **not** [=allowed to use=] the |permission| [=policy-controlled feature=], + return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. + + 1. Let |p| be [=a new promise=]. 1. Run the following steps [=in parallel=]: From 480c51f7073eda1290e7446107d07669c0d98b0c Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 1 Jul 2024 15:57:43 +1000 Subject: [PATCH 02/20] Distiguish get and create --- index.bs | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/index.bs b/index.bs index 6bf6dc9..2742c68 100644 --- a/index.bs +++ b/index.bs @@ -320,7 +320,8 @@ spec:css-syntax-3; (in alphabetical order) Options Member Identifier Appropriate Interface Object - Corresponding Permissions Policy + Get Permissions Policy + Create Permissions Policy Specification Requestor Contact @@ -330,6 +331,7 @@ spec:css-syntax-3; digital {{DigitalCredential}} digital-credentials-get + null [[DIGITAL-CREDENTIALS]] WICG @@ -338,6 +340,7 @@ spec:css-syntax-3; federated {{FederatedCredential}} null + null This specification: [[#federated]] W3C @@ -346,6 +349,7 @@ spec:css-syntax-3; identity {{IdentityCredential}} [=identity-credentials-get=] + null [[FEDCM]] W3C @@ -362,6 +366,7 @@ spec:css-syntax-3; password {{PasswordCredential}} null + null This specification: [[#passwords]] W3C @@ -370,6 +375,7 @@ spec:css-syntax-3; publicKey {{PublicKeyCredential}} [=publickey-credentials-get-feature|publickey-credentials-get=] + [=publickey-credentials-create-feature|publickey-credentials-create=] [[WEBAUTHN]] W3C @@ -391,8 +397,11 @@ spec:css-syntax-3; * Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the [=credential type registry/credential type=]. - * Each registry entry may state the [=credential type registry/Corresponding Permissions Policy=] [=permission=] for the - [=credential type registry/credential type=]. + * Each registry entry may state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` + for a [=credential type registry/credential type=]. + + * Each registry entry may state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` + for a [=credential type registry/credential type=]. * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. @@ -995,7 +1004,7 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its ancestors=], and `false` otherwise. - 1. For each |permission| in |options|' [=credential type registry/Corresponding Permissions Policy=]: + 1. For each |permission| in |options|' [=credential type registry/Get Permissions Policy=]: 1. If |permission| is null, continue. @@ -1169,12 +1178,20 @@ spec:css-syntax-3; 1. Let |global| be |settings|' [=environment settings object/global object=]. - 1. If |settings|'s [=relevant global object=]'s [=associated Document=] is not [=Document/fully active=], - then return [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. + 1. Let |document| be the [=relevant global object=]'s [=associated Document=]. + + 1. If |document| is not [=Document/fully active=], then return + [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. 1. Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin with its ancestors=], and `false` otherwise. + 1. Let |permission| be |options| [=credential type registry/Create Permissions Policy=]: + + 1. If |permission| is not null, and |document| is **not** [=allowed to use=] + the |permission| [=policy-controlled feature=], return [=a promise rejected with=] + a "{{NotAllowedError}}" {{DOMException}}. + 1. If |options|[{{CredentialCreationOptions/publicKey}}] [=map/exists=] and if |settings|' [=relevant global object=]'s [=associated Document=] is **not** [=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=] From ab2f574526190dc5c94d8e21d3917b299ce25cf7 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 1 Jul 2024 16:00:22 +1000 Subject: [PATCH 03/20] Make it a must, will null --- index.bs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index 2742c68..4f8f251 100644 --- a/index.bs +++ b/index.bs @@ -397,11 +397,11 @@ spec:css-syntax-3; * Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the [=credential type registry/credential type=]. - * Each registry entry may state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` - for a [=credential type registry/credential type=]. + * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` + for a [=credential type registry/credential type=], or null if one is not specified. - * Each registry entry may state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` - for a [=credential type registry/credential type=]. + * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` + for a [=credential type registry/credential type=], or null if one is not specified. * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. From 7a328ad555ccac27fa4e0074de5ad2650407fe00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:02:28 +1000 Subject: [PATCH 04/20] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 4f8f251..d5f69dd 100644 --- a/index.bs +++ b/index.bs @@ -1186,7 +1186,7 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin with its ancestors=], and `false` otherwise. - 1. Let |permission| be |options| [=credential type registry/Create Permissions Policy=]: + 1. Let |permission| be |options| [=credential type registry/Create Permissions Policy=]. 1. If |permission| is not null, and |document| is **not** [=allowed to use=] the |permission| [=policy-controlled feature=], return [=a promise rejected with=] From 6f91620b1f233e1195fee8d56bbc9e3a686fa6fe Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 1 Jul 2024 16:05:06 +1000 Subject: [PATCH 05/20] fixup and remove note --- index.bs | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/index.bs b/index.bs index d5f69dd..aa7b6da 100644 --- a/index.bs +++ b/index.bs @@ -1192,16 +1192,6 @@ spec:css-syntax-3; the |permission| [=policy-controlled feature=], return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. - 1. If |options|[{{CredentialCreationOptions/publicKey}}] [=map/exists=] and - if |settings|' [=relevant global object=]'s [=associated Document=] is **not** - [=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=] - [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" - {{DOMException}}. - - Note: `password` and `federated` - [=credential type registry/credential types=] are not presently treated as - [=policy-controlled features=], although this may change in the future. - 1. Let |interfaces| be the [=set=] of |options|' relevant credential interface objects. 1. Return [=a promise rejected with=] `NotSupportedError` if any of the following statements From d6fa8756d28905a5db0b8fd54c0c54f457e89398 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:06:25 +1000 Subject: [PATCH 06/20] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index aa7b6da..55da003 100644 --- a/index.bs +++ b/index.bs @@ -1186,7 +1186,7 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin with its ancestors=], and `false` otherwise. - 1. Let |permission| be |options| [=credential type registry/Create Permissions Policy=]. + 1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=]. 1. If |permission| is not null, and |document| is **not** [=allowed to use=] the |permission| [=policy-controlled feature=], return [=a promise rejected with=] From 9b7fc3925354fead9d198d8d451e16dd00c0a88c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:10:15 +1000 Subject: [PATCH 07/20] Update index.bs --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 55da003..3e79ffc 100644 --- a/index.bs +++ b/index.bs @@ -398,10 +398,10 @@ spec:css-syntax-3; [=credential type registry/credential type=]. * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` - for a [=credential type registry/credential type=], or null if one is not specified. + for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] specified. * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` - for a [=credential type registry/credential type=], or null if one is not specified. + for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] specified. * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. From ab2c6eaa2bdfd831aecb327659dffcb72407cdf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:10:46 +1000 Subject: [PATCH 08/20] fixup --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 3e79ffc..8f793ad 100644 --- a/index.bs +++ b/index.bs @@ -398,10 +398,10 @@ spec:css-syntax-3; [=credential type registry/credential type=]. * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` - for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] specified. + for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` - for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] specified. + for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. From 8f1303b74ea4c75e26ff91538ff94ea1b735ae04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:12:07 +1000 Subject: [PATCH 09/20] Update index.bs --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 8f793ad..ab2136d 100644 --- a/index.bs +++ b/index.bs @@ -1008,8 +1008,8 @@ spec:css-syntax-3; 1. If |permission| is null, continue. - 1. If |document| is **not** [=allowed to use=] the |permission| [=policy-controlled feature=], - return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. + 1. If |document| is **not** [=allowed to use=] |permission|, return [=a promise rejected with=] + a "{{NotAllowedError}}" {{DOMException}}. 1. Let |p| be [=a new promise=]. From 0e05b941b6c1d48b9004a3a024d4ab989ed417ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:12:49 +1000 Subject: [PATCH 10/20] Update index.bs --- index.bs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index ab2136d..bceb5dd 100644 --- a/index.bs +++ b/index.bs @@ -1188,9 +1188,8 @@ spec:css-syntax-3; 1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=]. - 1. If |permission| is not null, and |document| is **not** [=allowed to use=] - the |permission| [=policy-controlled feature=], return [=a promise rejected with=] - a "{{NotAllowedError}}" {{DOMException}}. + 1. If |permission| is not null, and |document| is **not** [=allowed to use=] |permission|, + return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |interfaces| be the [=set=] of |options|' relevant credential interface objects. From 55bd2b4a3603542df8b4dc4b37f1c98e4f1fafab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:13:04 +1000 Subject: [PATCH 11/20] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index bceb5dd..9e92971 100644 --- a/index.bs +++ b/index.bs @@ -1189,7 +1189,7 @@ spec:css-syntax-3; 1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=]. 1. If |permission| is not null, and |document| is **not** [=allowed to use=] |permission|, - return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. + return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |interfaces| be the [=set=] of |options|' relevant credential interface objects. From 7fecb4513986d4d4364ab6f644d9917ae664f59c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:14:03 +1000 Subject: [PATCH 12/20] Update index.bs --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 9e92971..d6c3df3 100644 --- a/index.bs +++ b/index.bs @@ -1008,8 +1008,8 @@ spec:css-syntax-3; 1. If |permission| is null, continue. - 1. If |document| is **not** [=allowed to use=] |permission|, return [=a promise rejected with=] - a "{{NotAllowedError}}" {{DOMException}}. + 1. If |document| is **not** [=allowed to use=] |permission|, return + [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |p| be [=a new promise=]. From 121c4234a8dbdccfaa6422319cfd14244d7c8268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:15:38 +1000 Subject: [PATCH 13/20] Update index.bs --- index.bs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/index.bs b/index.bs index d6c3df3..332689c 100644 --- a/index.bs +++ b/index.bs @@ -397,12 +397,13 @@ spec:css-syntax-3; * Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the [=credential type registry/credential type=]. - * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] used when executing Request a `Credential` - for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. - - * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] used when executing Create a `Credential` - for a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. + * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] + used when executing Request a `Credential` for + a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. + * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] + used when executing Create a `Credential` for + a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. From 39c66a229bd385968fcf44fe5eb4506af52a5e11 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 1 Jul 2024 16:16:55 +1000 Subject: [PATCH 14/20] fix whitespace --- index.bs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index 332689c..f84f592 100644 --- a/index.bs +++ b/index.bs @@ -398,12 +398,13 @@ spec:css-syntax-3; [=credential type registry/credential type=]. * Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] - used when executing Request a `Credential` for - a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. + used when executing Request a `Credential` for a + [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. * Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] - used when executing Create a `Credential` for - a [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. + used when executing Create a `Credential` for a + [=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. + * Each registry entry must include a link that references a publicly available specification defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. From 3eb378139e174a5244d9a5f1a0b1b6a0194d2142 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 1 Jul 2024 16:32:20 +1000 Subject: [PATCH 15/20] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index f84f592..0fd4493 100644 --- a/index.bs +++ b/index.bs @@ -1011,7 +1011,7 @@ spec:css-syntax-3; 1. If |permission| is null, continue. 1. If |document| is **not** [=allowed to use=] |permission|, return - [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. + [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |p| be [=a new promise=]. From b0f097c4066b63a3a10a37be9b549586fe3d2525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Thu, 4 Jul 2024 14:32:14 +1000 Subject: [PATCH 16/20] Update index.bs --- index.bs | 1 + 1 file changed, 1 insertion(+) diff --git a/index.bs b/index.bs index 0fd4493..ebe2bd1 100644 --- a/index.bs +++ b/index.bs @@ -358,6 +358,7 @@ spec:css-syntax-3; otp {{OTPCredential}} otp-credentials + null [[WEB-OTP]] WICG From 89ad7550769d92c01cfb26dd7c5b14bc2b26bf5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 22 Jul 2024 12:47:09 +1000 Subject: [PATCH 17/20] Update index.bs --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index ebe2bd1..f14d993 100644 --- a/index.bs +++ b/index.bs @@ -357,7 +357,7 @@ spec:css-syntax-3; otp otp {{OTPCredential}} - otp-credentials + [=otp-credentials|otp-credentials-feature=] null [[WEB-OTP]] WICG From 0ec907abab97c4e44a74472947c37b4890e73d5d Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 22 Jul 2024 12:48:21 +1000 Subject: [PATCH 18/20] fix linking of otp-credentials --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index f14d993..e6650a8 100644 --- a/index.bs +++ b/index.bs @@ -357,7 +357,7 @@ spec:css-syntax-3; otp otp {{OTPCredential}} - [=otp-credentials|otp-credentials-feature=] + [=otp-credentials-feature|otp-credentials=] null [[WEB-OTP]] WICG From 8aa29745395c41f64bfefdbae8bcee6645e65936 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 22 Jul 2024 12:58:31 +1000 Subject: [PATCH 19/20] review feedback --- index.bs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index e6650a8..d0da0f6 100644 --- a/index.bs +++ b/index.bs @@ -1007,7 +1007,9 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its ancestors=], and `false` otherwise. - 1. For each |permission| in |options|' [=credential type registry/Get Permissions Policy=]: + 1. For each |interface| in |options|' [=relevant credential interface objects=]: + + 1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]. 1. If |permission| is null, continue. From a4d19819fc9703c032618f3b3656c813d7e5a896 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 22 Jul 2024 13:26:41 +1000 Subject: [PATCH 20/20] review feedback --- index.bs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/index.bs b/index.bs index d0da0f6..9ab97b5 100644 --- a/index.bs +++ b/index.bs @@ -1009,11 +1009,11 @@ spec:css-syntax-3; 1. For each |interface| in |options|' [=relevant credential interface objects=]: - 1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]. + 1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]. 1. If |permission| is null, continue. - 1. If |document| is **not** [=allowed to use=] |permission|, return + 1. If |document| is **not** [=allowed to use=] |permission|, return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. 1. Let |p| be [=a new promise=]. @@ -1191,11 +1191,6 @@ spec:css-syntax-3; 1. Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin with its ancestors=], and `false` otherwise. - 1. Let |permission| be |options|'s [=credential type registry/Create Permissions Policy=]. - - 1. If |permission| is not null, and |document| is **not** [=allowed to use=] |permission|, - return [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. - 1. Let |interfaces| be the [=set=] of |options|' relevant credential interface objects. 1. Return [=a promise rejected with=] `NotSupportedError` if any of the following statements @@ -1210,6 +1205,15 @@ spec:css-syntax-3; types in order to support a "sign-up" use case. For the moment, though, we're punting on that by restricting the dictionary to a single entry. + 1. For each |interface| in |interfaces|: + + 1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Create Permissions Policy=]. + + 1. If |permission| is null, continue. + + 1. If |document| is **not** [=allowed to use=] |permission|, return + [=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. + 1. If |options|.{{CredentialRequestOptions/signal}} is [=AbortSignal/aborted=], then return [=a promise rejected with=] |options|.{{CredentialRequestOptions/signal}}'s [=AbortSignal/abort reason=].