index.bs: 13 additions & 11 deletions
@@ -2234,9 +2234,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
2234
2234
</dl>
2235
2235
</li>
2236
2236
2237
-
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
2238
-
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
2239
-
[[#sctn-make-credential-privacy]] for details.
2237
+
1. Throw a "{{NotAllowedError}}" {{DOMException}}.
2240
2238
2241
2239
During the above process, the user agent SHOULD show some UI to the user to guide them in the process of selecting and
2242
2240
authorizing an authenticator. When <code>|options|.{{CredentialCreationOptions/mediation}}</code> is set to {{CredentialMediationRequirement/conditional}}, prominent modal UI should <i>not</i> be shown <i>unless</i> credential creation was previously consented to via means determined by the user agent.
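Review bot: The replacement step at new line 2237 drops the pointer to [[#sctn-make-credential-privacy]] together with the |lifetimeTimer| requirement, so a reader of the algorithm no longer learns that the timing of this failure is privacy-relevant. The privacy text changed later in this patch (new lines 8802-8807) still describes returning a failure "as soon as an excluded [=authenticator=] becomes available" as an information leak, and after this change nothing in the step itself discourages that. Consider keeping a trimmed, non-normative reference on the step, for example "See [[#sctn-make-credential-privacy]] for privacy considerations on when this failure is returned."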
@@ -2683,9 +2681,7 @@ When this method is invoked, the user agent MUST execute the following algorithm
2683
2681
1. Return |constructAssertionAlg| and terminate this algorithm.
2684
2682
</dl>
2685
2683
2686
-
1. Throw a "{{NotAllowedError}}" {{DOMException}}. In order to prevent information leak that could identify the
2687
-
user without [=user consent|consent=], this step MUST NOT be executed before |lifetimeTimer| has expired. See
2688
-
[[#sctn-assertion-privacy]] for details.
2684
+
1. Throw a "{{NotAllowedError}}" {{DOMException}}.
2689
2685
2690
2686
</div>
2691
2687
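Review bot: At new line 2684 the failure step loses its only link to [[#sctn-assertion-privacy]], so the assertion algorithm no longer points at the section that explains why the timing of this error matters. Keeping a short "See [[#sctn-assertion-privacy]]" on the step would preserve that connection without restoring the MUST NOT. Since this was a use of |lifetimeTimer| in the failure path, please also confirm that the remaining references to |lifetimeTimer| in this algorithm still read correctly once the sentence is gone; the visible context does not show them.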
@@ -8806,8 +8802,8 @@ credential|credentials=] listed by the [=[RP]=] in {{PublicKeyCredentialCreation
8806
8802
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing for
8807
8803
which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
8808
8804
failure response as soon as an excluded [=authenticator=] becomes available. In this case - especially if the excluded
8809
-
[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled before the
8810
-
timeout and before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
8805
+
[=authenticator=] is a [=platform authenticator=] - the [=[RP]=] could detect that the [=ceremony=] was canceled
8806
+
before the user could feasibly have canceled it manually, and thus conclude that at least one of the [=public key
8811
8807
credential|credentials=] listed in the {{PublicKeyCredentialCreationOptions/excludeCredentials}} parameter is available to the user.
8812
8808
8813
8809
The above is not a concern, however, if the user has [=user consent|consented=] to create a new credential before a
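Review bot: The reworded example at new lines 8805-8806 still describes the leak for {{PublicKeyCredentialCreationOptions/excludeCredentials}} but, unlike the assertion section in the next hunk, this paragraph gains no sentence on how a client can avoid it. With the |lifetimeTimer| requirement removed from the registration failure step, the visible text here names the problem (a failure returned "before the user could feasibly have canceled it manually") without any guidance. Consider adding a parallel sentence to the one introduced at new line 8834, adapted to the excluded-authenticator case.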
@@ -8826,12 +8822,18 @@ key credential|credential=] is listed by the [=[RP]=] in {{PublicKeyCredentialRe
8826
8822
- A named [=public key credential|credential=] is available, but the user does not [=user consent|consent=] to use it.
8827
8823
8828
8824
If the above cases are distinguishable, information is leaked by which a malicious [=[RP]=] could identify the user by probing
8829
-
for which [=public key credential|credentials=] are available. For example, one such information leak is if the client returns a
8830
-
failure response as soon as the user denies [=user consent|consent=] to proceed with an [=authentication ceremony=]. In this
8831
-
case the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
8825
+
for which [=public key credential|credentials=] are available.
8826
+
For example, one such information leak may happen if the client displays instructions and controls
8827
+
for canceling or proceeding with the [=authentication ceremony=]
8828
+
only after discovering an [=authenticator=] that [=contains=] a named [=credential=].
8829
+
In this case, if the [=[RP]=] is aware of this [=client=] behavior,
8830
+
the [=[RP]=] could detect that the [=ceremony=] was canceled by the user and not the timeout, and thus conclude that at least
8832
8831
one of the [=public key credential|credentials=] listed in the {{PublicKeyCredentialRequestOptions/allowCredentials}} parameter is
8833
8832
available to the user.
8834
8833
8834
+
This concern may be addressed by displaying controls allowing the user to cancel an [=authentication ceremony=] at any time,
8835
+
regardless of whether any named [=credentials=] are available.
8836
+
8835
8837
8836
8838
### Privacy Between Operating System Accounts ### {#sctn-os-account-privacy}
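Review bot: The mitigation added at new lines 8834-8835 is phrased "This concern may be addressed by displaying controls ...", which reads as informative text, while the requirement it replaces in the assertion algorithm was a MUST NOT. If the intent is for clients to actually do this, say so with a SHOULD; if it is deliberately informative, a word in the commit message would help implementers understand the downgrade. Separately, the added lines use the short autolinks [=contains=], [=credential=] and [=credentials=], whereas the surrounding context uses [=public key credential|credentials=]; please check that the short forms resolve to the intended definitions. The blank line added at new line 8836 also leaves two consecutive blank lines before the heading.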