index.bs: 13 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -2234,9 +2234,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
2234
2234
</dl>
2235
2235
</li>
2236
2236
2237
-
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
2238
-
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
2239
-
[[#sctn-make-credential-privacy]] for details.
2237
+
1. Throw a "{{NotAllowedError}}" {{DOMException}}.
2240
2238
2241
2239
During the above process, the user agent SHOULD show some UI to the user to guide them in the process of selecting and
2242
2240
authorizing an authenticator. When <code>|options|.{{CredentialCreationOptions/mediation}}</code> is set to {{CredentialMediationRequirement/conditional}}, prominent modal UI should <i>not</i> be shown <i>unless</i> credential creation was previously consented to via means determined by the user agent.
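Review bot: dropping the "MUST NOT be executed before |lifetimeTimer| has expired" clause from the create() step removes the only normative requirement that tied the timing of the "{{NotAllowedError}}" to the timeout, so a client that throws immediately when an excluded authenticator appears is no longer non-conformant, yet the privacy section this hunk used to point at (the "See [[#sctn-make-credential-privacy]] for details." line being deleted) still describes exactly that behavior as an information leak. If the intent is to move the mitigation out of normative text, the step should keep at least the cross-reference, e.g. `1. Throw a "{{NotAllowedError}}" {{DOMException}}. See [[#sctn-make-credential-privacy]].`, so implementers reading the algorithm still find the distinguishability concern.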
@@ -2683,9 +2681,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
2683
2681
1. Return |constructAssertionAlg| and terminate this algorithm.
2684
2682
</dl>
2685
2683
2686
-
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
2687
-
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
2688
-
[[#sctn-assertion-privacy]] for details.
2684
+
1. Throw a "{{NotAllowedError}}" {{DOMException}}.
2689
2685
2690
2686
</div>
2691
2687
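Review bot: same removal on the get() path, and the pointer "See [[#sctn-assertion-privacy]] for details." goes with it, so the assertion algorithm no longer references the section that explains why the error exists. Keeping the cross-reference in the step, as suggested for the create() hunk, keeps the two algorithms symmetric; otherwise please confirm that the surrounding prose in [[#sctn-assertion-privacy]] is reachable from the algorithm some other way.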
@@ -8834,8 +8830,8 @@ credential|credentials=] listed by the [=[RP]=] in {{PublicKeyCredentialCreation
8834
8830
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing for
8835
8831
which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
8836
8832
failure response as soon as an excluded [=authenticator=] becomes available. In this case - especially if the excluded
8837
-
[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled before the
8838
-
timeout and before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
8833
+
[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled
8834
+
before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
8839
8835
credential|credentials=] listed in the {{PublicKeyCredentialCreationOptions/excludeCredentials}} parameter is available to the user.
8840
8836
8841
8837
The above is not a concern, however, if the user has [=user consent|consented=] to create a new credential before a
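Review bot: the reworded sentence ("canceled before the user could feasibly have canceled it manually") correctly stops relying on the timeout now that the timer requirement is gone, but this section is left without any suggested mitigation, whereas the assertion privacy section in this same change gains "This concern may be addressed by displaying controls allowing the user to cancel ... at any time". The registration case has the identical shape (failure as soon as an excluded authenticator becomes available), so the same mitigation paragraph should be added here too, or a sentence pointing at it.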
@@ -8854,12 +8850,18 @@ key credential|credential=] is listed by the [=[RP]=] in {{PublicKeyCredentialRe
8854
8850
- A named [=public key credential|credential=] is available, but the user does not [=user consent|consent=] to use it.
8855
8851
8856
8852
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing
8857
-
for which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
8858
-
failure response as soon as the user denies [=user consent|consent=] to proceed with an [=authentication ceremony=]. In this
8859
-
case the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
8853
+
for which [=public key credential|credentials=] are available.
8854
+
For example, one such information leak may happen if the client displays instructions and controls
8855
+
for canceling or proceeding with the [=authentication ceremony=]
8856
+
only after discovering an [=authenticator=] that [=contains=] a named [=credential=].
8857
+
In this case, if the [=[RP]=] is aware of this [=client=] behavior,
8858
+
the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
8860
8859
one of the [=public key credential|credentials=] listed in the {{PublicKeyCredentialRequestOptions/allowCredentials}} parameter is
8861
8860
available to the user.
8862
8861
8862
+
This concern may be addressed by displaying controls allowing the user to cancel an [=authentication ceremony=] at any time,
8863
+
regardless of whether any named [=credentials=] are available.
8864
+
8863
8865
8864
8866
### Privacy Between Operating System Accounts ### {#sctn-os-account-privacy}
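Review bot: the added lines use `[=contains=]`, `[=credential=]` and `[=credentials=]`, while every other reference in this hunk and the previous one is written `[=public key credential|credential=]`; unless "credential" is a separately defined term, these will resolve to a different dfn (or fail to resolve in Bikeshed), so they should be changed to the `[=public key credential|...=]` form for consistency. Separately, "This concern may be addressed by displaying controls ..." is the only mitigation left once the normative timer clause is removed; consider phrasing it as a client SHOULD, since "may be addressed" reads as optional advice rather than the expected behavior.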