Use credential type registry for permissions + digital credentials #242
Merged
20 commits
3d119ce Use credential type registry for permissions (marcoscaceres)
480c51f Distinguish get and create (marcoscaceres)
ab2f574 Make it a must, will null (marcoscaceres)
7a328ad Update index.bs (marcoscaceres)
6f91620 fixup and remove note (marcoscaceres)
d6fa875 Update index.bs (marcoscaceres)
9b7fc39 Update index.bs (marcoscaceres)
ab2c6ea fixup (marcoscaceres)
8f1303b Update index.bs (marcoscaceres)
0e05b94 Update index.bs (marcoscaceres)
55bd2b4 Update index.bs (marcoscaceres)
7fecb45 Update index.bs (marcoscaceres)
121c423 Update index.bs (marcoscaceres)
39c66a2 fix whitespace (marcoscaceres)
3eb3781 Update index.bs (marcoscaceres)
b0f097c Update index.bs (marcoscaceres)
89ad755 Update index.bs (marcoscaceres)
0ec907a fix linking of otp-credentials (marcoscaceres)
8aa2974 review feedback (marcoscaceres)
a4d1981 review feedback (marcoscaceres)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -98,20 +98,15 @@ spec:css-syntax-3; | |
</pre> | ||
<pre class="biblio"> | ||
{ | ||
"FEDCM": { | ||
"authors": [ "Sam Goto" ], | ||
"href": "https://fedidcg.github.io/FedCM/", | ||
"title": "FedCM API" | ||
}, | ||
"WEB-LOGIN": { | ||
"authors": [ "Jason Denizac", "Robin Berjon", "Anne van Kesteren" ], | ||
"href": "https://github.com/jden/web-login", | ||
"title": "web-login" | ||
}, | ||
"WEB-OTP": { | ||
"authors": [ "Sam Goto" ], | ||
"href": "https://wicg.github.io/web-otp/", | ||
"title": "WebOTP API" | ||
"DIGITAL-CREDENTIALS": { | ||
"authors": [ "Marcos Cáceres", "Sam Goto" ], | ||
"href": "https://wicg.github.io/digital-credentials/", | ||
"title": "Digital Credentials" | ||
} | ||
} | ||
</pre> | ||
|
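Review bot: In the biblio block, confirm that every local entry dropped here still resolves at build time. The registry table cites [[FEDCM]], [[WEB-OTP]] and [[DIGITAL-CREDENTIALS]], so any of those without a local entry has to come from the shared bibliography database. A line in the commit message saying which entries were removed for that reason would make the intent clear.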
@@ -325,42 +320,63 @@ spec:css-syntax-3; | |
<small>(in alphabetical order)</small></th> | ||
<th><dfn for="credential type registry">Options Member Identifier</dfn></th> | ||
<th><dfn for="credential type registry">Appropriate Interface Object</dfn></th> | ||
<th><dfn for="credential type registry">Get Permissions Policy</dfn></th> | ||
<th><dfn for="credential type registry">Create Permissions Policy</dfn></th> | ||
<th>Specification</th> | ||
<th>Requestor Contact</th> | ||
</tr> | ||
</thead> | ||
<tr> | ||
<td>digital-credential</td> | ||
<td>digital</td> | ||
<td>{{DigitalCredential}}</td> | ||
<td>digital-credentials-get</td> | ||
<td>null</td> | ||
<td>[[DIGITAL-CREDENTIALS]]</td> | ||
<td><a href="https://wicg.io/">WICG</a></td> | ||
</tr> | ||
<tr> | ||
<td>federated</td> | ||
<td>federated</td> | ||
<td>{{FederatedCredential}}</td> | ||
<td>null</td> | ||
<td>null</td> | ||
<td>This specification: [[#federated]]</td> | ||
<td><a href="https://www.w3.org/2011/webappsec/">W3C</a></td> | ||
</tr> | ||
<tr> | ||
<td>identity</td> | ||
<td>identity</td> | ||
<td>{{IdentityCredential}}</td> | ||
<td>[=identity-credentials-get=]</td> | ||
<td>null</td> | ||
<td>[[FEDCM]]</td> | ||
<td><a href="https://www.w3.org/community/fed-id/">W3C</a></td> | ||
</tr> | ||
<tr> | ||
<td>otp</td> | ||
<td>otp</td> | ||
<td>{{OTPCredential}}</td> | ||
<td>[=otp-credentials-feature|otp-credentials=]</td> | ||
<td>null</td> | ||
<td>[[WEB-OTP]]</td> | ||
<td><a href="https://wicg.io/">WICG</a></td> | ||
</tr> | ||
<tr> | ||
<td>password</td> | ||
<td>password</td> | ||
<td>{{PasswordCredential}}</td> | ||
<td>null</td> | ||
<td>null</td> | ||
<td>This specification: [[#passwords]]</td> | ||
<td><a href="https://www.w3.org/2011/webappsec/">W3C</a></td> | ||
</tr> | ||
<tr> | ||
<td>public-key</td> | ||
<td>publicKey</td> | ||
<td>{{PublicKeyCredential}}</td> | ||
<td>[=publickey-credentials-get-feature|publickey-credentials-get=]</td> | ||
<td>[=publickey-credentials-create-feature|publickey-credentials-create=]</td> | ||
<td>[[WEBAUTHN]]</td> | ||
<td><a href="https://www.w3.org/blog/webauthn/">W3C</a></td> | ||
</tr> | ||
|
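Review bot: The Get Permissions Policy cell in the digital-credential row is the bare text digital-credentials-get, while the identity, otp and public-key rows use autolinks such as [=identity-credentials-get=]. Link it the same way so the feature name resolves to its definition, or say why it cannot be linked yet. It would also help to state next to the table that null means the credential type is not gated by any policy-controlled feature.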
@@ -382,6 +398,14 @@ spec:css-syntax-3; | |
* Each registry entry must state the [=credential type registry/Appropriate Interface Object=] [=identifier=] for the | ||
[=credential type registry/credential type=]. | ||
|
||
* Each registry entry must state the [=credential type registry/Get Permissions Policy=] [=permission=] | ||
used when executing <a abstract-op>Request a `Credential`</a> for a | ||
[=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. | ||
|
||
* Each registry entry must state the [=credential type registry/Create Permissions Policy=] [=permission=] | ||
used when executing <a abstract-op>Create a `Credential`</a> for a | ||
[=credential type registry/credential type=], or null if no [=Document/permissions policy=] is specified. | ||
|
||
* Each registry entry must include a link that references a publicly available specification | ||
defining the [=credential type registry/credential type=] and the [=dictionary member=] [=identifier=]. | ||
|
||
|
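Review bot: Both new bullets call the value a [=permission=] and give the fallback as "null if no [=Document/permissions policy=] is specified", but the algorithm text this registry replaces tested a [=policy-controlled feature=] with [=allowed to use=]. Use [=policy-controlled feature=] in both bullets, and word the null case around the credential type having no associated feature rather than around the document's policy, for example "or null if the credential type is not gated by a policy-controlled feature".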
@@ -950,8 +974,10 @@ spec:css-syntax-3; | |
|
||
1. Assert: |settings| is a [=secure context=]. | ||
|
||
1. If |settings|'s [=relevant global object=]'s [=associated Document=] is not [=Document/fully active=], | ||
then return [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. | ||
1. Let |document| be |settings|'s [=relevant global object=]'s [=associated Document=]. | ||
|
||
1. If |document| is not [=Document/fully active=], then return [=a promise rejected with=] | ||
"{{NotAllowedError}}" {{DOMException}}. | ||
|
||
1. If <code>|options|.{{CredentialRequestOptions/signal}}</code> is [=AbortSignal/aborted=], | ||
then return [=a promise rejected with=] | ||
|
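Review bot: The new step "Let |document| be |settings|'s [=relevant global object=]'s [=associated Document=]" takes a relevant global object from |settings|, whereas the create algorithm reads |settings|' [=environment settings object/global object=]. Use the same term in both algorithms so |document| is derived the same way. The fully-active step also reads "rejected with "{{NotAllowedError}}"" without the article that the new permission step uses.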
@@ -965,8 +991,6 @@ spec:css-syntax-3; | |
1. If |interface| does not support {{CredentialMediationRequirement/conditional}} | ||
[=user mediation=], return [=a promise rejected with=] a "{{TypeError}}" {{DOMException}}. | ||
|
||
1. Let |p| be [=a new promise=]. | ||
Was defined before it was used! oops! |
||
|
||
1. For each |interface| in |options|' <a>relevant credential interface objects</a>: | ||
|
||
1. If |settings|' [=active credential types=] [=set/contains=] |interface|'s | ||
|
@@ -983,21 +1007,16 @@ spec:css-syntax-3; | |
1. Let |sameOriginWithAncestors| be `true` if |settings| is [=same-origin with its | ||
ancestors=], and `false` otherwise. | ||
|
||
1. If |options|[{{CredentialRequestOptions/identity}}] [=map/exists=] and | ||
if |settings|' [=relevant global object=]'s [=associated Document=] is **not** | ||
[=allowed to use=] the [=identity-credentials-get=] | ||
[=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" | ||
{{DOMException}}. | ||
1. For each |interface| in |options|' [=relevant credential interface objects=]: | ||
|
||
1. If |options|[{{CredentialRequestOptions/publicKey}}] [=map/exists=] and | ||
if |settings|' [=relevant global object=]'s [=associated Document=] is **not** | ||
[=allowed to use=] the [=publickey-credentials-get-feature|publickey-credentials-get=] | ||
[=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" | ||
{{DOMException}}. | ||
1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]. | ||
|
||
Note: <a const>`password`</a> and <a const>`federated`</a> | ||
[=credential type registry/credential types=] are not presently treated as | ||
[=policy-controlled features=], although this may change in the future. | ||
1. If |permission| is null, continue. | ||
|
||
1. If |document| is **not** [=allowed to use=] |permission|, return | ||
[=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. | ||
|
||
1. Let |p| be [=a new promise=]. | ||
|
||
1. Run the following steps [=in parallel=]: | ||
|
||
|
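Review bot: The step "Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Get Permissions Policy=]" does not say how the registry is consulted or what happens when the type has no entry. Spell it out as a lookup of the registry entry whose credential type is |interface|'s {{Credential/[[type]]}}, and state the result for a missing entry explicitly, because "If |permission| is null, continue" skips the check and an unregistered type would otherwise pass without any policy test. The removed note on password and federated is now carried only by the null cells in the table, so a short note pointing there would keep that explanation.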
@@ -1164,22 +1183,14 @@ spec:css-syntax-3; | |
|
||
1. Let |global| be |settings|' [=environment settings object/global object=]. | ||
|
||
1. If |settings|'s [=relevant global object=]'s [=associated Document=] is not [=Document/fully active=], | ||
then return [=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. | ||
1. Let |document| be the [=relevant global object=]'s [=associated Document=]. | ||
|
||
1. If |document| is not [=Document/fully active=], then return | ||
[=a promise rejected with=] "{{NotAllowedError}}" {{DOMException}}. | ||
|
||
1. Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin | ||
with its ancestors=], and `false` otherwise. | ||
|
||
1. If |options|[{{CredentialCreationOptions/publicKey}}] [=map/exists=] and | ||
if |settings|' [=relevant global object=]'s [=associated Document=] is **not** | ||
[=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=] | ||
[=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}" | ||
{{DOMException}}. | ||
|
||
Note: <a const>`password`</a> and <a const>`federated`</a> | ||
[=credential type registry/credential types=] are not presently treated as | ||
[=policy-controlled features=], although this may change in the future. | ||
|
||
1. Let |interfaces| be the [=set=] of |options|' <a>relevant credential interface objects</a>. | ||
|
||
1. Return [=a promise rejected with=] `NotSupportedError` if any of the following statements | ||
|
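Review bot: "Let |document| be the [=relevant global object=]'s [=associated Document=]" names no object whose relevant global object is meant. The preceding step already defines |global|, so "Let |document| be |global|'s [=associated Document=]" is unambiguous and reuses the variable that is otherwise left unused in the visible steps.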
@@ -1194,6 +1205,15 @@ spec:css-syntax-3; | |
types in order to support a "sign-up" use case. For the moment, though, we're punting | ||
on that by restricting the dictionary to a single entry. | ||
|
||
1. For each |interface| in |interfaces|: | ||
|
||
1. Let |permission| be the |interface|'s {{Credential/[[type]]}} [=credential type registry/Create Permissions Policy=]. | ||
|
||
1. If |permission| is null, continue. | ||
|
||
1. If |document| is **not** [=allowed to use=] |permission|, return | ||
[=a promise rejected with=] a "{{NotAllowedError}}" {{DOMException}}. | ||
|
||
1. If <code>|options|.{{CredentialRequestOptions/signal}}</code> is [=AbortSignal/aborted=], | ||
then return [=a promise rejected with=] | ||
<code>|options|.{{CredentialRequestOptions/signal}}</code>'s [=AbortSignal/abort reason=]. | ||
|
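Review bot: The permission loop is placed before the aborted-signal step here, while in the get algorithm the aborted-signal step comes right after the fully-active check and before the permission loop. The order decides which rejection a caller observes when both conditions hold, so pick one order and use it in both algorithms.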
Already in Specref... don't need this... or WEB-OTP