[webauthn] Pull Request: Add more requirements for ClientDataJSON serialisation. from Adam Langley via GitHub on 2020-02-24 (public-webauthn@w3.org from February 2020)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Mon, 24 Feb 2020 21:58:56 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-379252468-1582581534-sysbot+gh@w3.org>

agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Add more requirements for ClientDataJSON serialisation. ==
ClientDataJSON is currently defined to be the JSON encoding of the
CollectedClientData. This implies that validators require a full JSON
parsing library to check needed entries in the ClientDataJSON such as
the challenge, type, and origin.

This is a problematic dependency in some cases. This change seeks to
address that by being stricter about the encoding, while still
generating JSON. Thus existing validators do not need to change but
those willing to require recent WebAuthn-implementing browsers can avoid
the full generality of JSON.

See https://github.com/w3c/webauthn/pull/1375

Received on Monday, 24 February 2020 21:58:57 UTC