-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove TokenBinding #1630
Remove TokenBinding #1630
Conversation
Notes from call: Should mark TokenBinding as a reserved name within the ClientData |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per the discussion on the 30-Jun-21 call, I believe that the existing Token Binding identifiers in the specification should be marked as reserved, probably saying that they were used in L1 and L2, and not simply removed.
This reverts commit 5c4ce34.
index.bs
Outdated
with the [=[RP]=]. Its absence indicates that the client doesn't support token binding. | ||
with the [=[RP]=]. Its absence indicates that the client doesn't support token binding | ||
|
||
Note: While [=Token Binding=] was present in Level 1 and Level 2 of WebAuthn, it should not be expected to be present or supported in future versions of the specification. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change "it should not be expected to be present or supported in future versions of the specification" to "its use is not expected in Level 3. The {{CollectedClientData/tokenBinding}} field is reserved so that it will not be reused for a different purpose."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update the language about the tokenBinding
field being reserved as suggested.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for accepting my suggestions.
SHA: a30f8e8 Reason: push, by @nicksteele Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This addresses the issues #1627 and #1623 along with what we discussed in the bi-weekly meeting. All references to
TokenBinding
have been removed from the document and IDLs, although I would be open to leaving a partial reference with a DEPRECATED flair in the ClientDataJSON section for posterity.Preview | Diff