Add table numbers and captions #994

Merged
merged 3 commits into from
Jul 18, 2018
222 changes: 123 additions & 99 deletions index.bs
Expand Up @@ -67,6 +67,25 @@ Boilerplate: omit conformance, omit feedback-header, omit abstract-header
Markup Shorthands: css off, markdown on
</pre>

<style type="text/css">
body {
counter-reset: table;
}
/* For some reason, doing the counter-increment on the figcaption like Bikeshed does with figures does not seem to work here. */
figure.table {
counter-increment: table;
}
figure.table figcaption {
counter-increment: none;
}
figure.table figcaption:not(.no-marker)::before {
content: "Table " counter(table) " ";
}
figure.table .overlarge {
max-width: 50em;
}
</style>


<!-- TODO: Clean out these anchor lists once they appear in Shepherd -->
<pre class="anchors">
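Review bot: the `counter-increment: none` on `figure.table figcaption` is left unexplained, while the comment above it only says why the increment was moved onto `figure.table`; a one-line comment stating that it is there to keep Bikeshed's own figcaption counter rule (the one the comment refers to) from also advancing the figure counter for tables would save the next editor from deleting it as dead CSS. The `max-width: 50em` on `figure.table .overlarge` is likewise a magic value that deserves a short comment on where it comes from.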
Expand Down Expand Up @@ -2307,67 +2326,69 @@ format, and uses its knowledge of the authenticator to make trust decisions.
The [=authenticator data=] has a compact but extensible encoding. This is desired since authenticators can be devices with
limited capabilities and low power requirements, with much simpler software stacks than the client platform components.

The [=authenticator data=] structure is a byte array of 37 bytes or more, as follows.

<table class="complex data longlastcol">
<tr>
<th>Name</th>
<th>Length (in bytes)</th>
<th>Description</th>
</tr>
<tr>
<td><dfn>rpIdHash</dfn></td>
<td>32</td>
<td>
SHA-256 hash of the [=RP ID=] associated with the credential.
</td>
</tr>
<tr>
<td><dfn>flags</dfn></td>
<td>1</td>
<td>
Flags (bit 0 is the least significant bit):
- Bit 0: [=User Present=] ([=UP=]) result.
- `1` means the user is [=user present|present=].
- `0` means the user is not [=user present|present=].
- Bit 1: Reserved for future use (`RFU1`).
- Bit 2: [=User Verified=] ([=UV=]) result.
- `1` means the user is [=user verified|verified=].
- `0` means the user is not [=user verified|verified=].
- Bits 3-5: Reserved for future use (`RFU2`).
- Bit 6: [=Attested credential data=] included (`AT`).
- Indicates whether the authenticator added [=attested credential data=].
- Bit 7: Extension data included (`ED`).
- Indicates if the [=authenticator data=] has [=authDataExtensions|extensions=].
</td>
</tr>
<tr>
<td><dfn>signCount</dfn></td>
<td>4</td>
<td>[=Signature counter=], 32-bit unsigned big-endian integer.</td>
</tr>
<tr>
<td><dfn>attestedCredentialData</dfn></td>
<td>variable (if present)</td>
<td>
[=attested credential data=] (if present). See [[#sec-attested-credential-data]] for details. Its length depends on
the [=credentialIdLength|length=] of the [=credentialId|credential ID=] and [=credentialPublicKey|credential public
key=] being attested.
</td>
</tr>
<tr>
<td><dfn lt="authDataExtensions">extensions</dfn></td>
<td>variable (if present)</td>
<td>
Extension-defined [=authenticator data=]. This is a [=CBOR=] [[RFC7049]] map with [=extension identifiers=] as keys,
and [=authenticator extension outputs=] as values. See [[#extensions]] for details.
</td>
</tr>
</table>

NOTE: The names in the Name column in the above table are only for reference within this document, and are not present in the
actual representation of the [=authenticator data=].
The [=authenticator data=] structure is a byte array of 37 bytes or more, laid out as shown in [Table 1](#table-authData).

<figure id="table-authData" class="table">
<table class="complex data longlastcol">
<tr>
<th>Name</th>
<th>Length (in bytes)</th>
<th>Description</th>
</tr>
<tr>
<td><dfn>rpIdHash</dfn></td>
<td>32</td>
<td>
SHA-256 hash of the [=RP ID=] associated with the credential.
</td>
</tr>
<tr>
<td><dfn>flags</dfn></td>
<td>1</td>
<td>
Flags (bit 0 is the least significant bit):
- Bit 0: [=User Present=] ([=UP=]) result.
- `1` means the user is [=user present|present=].
- `0` means the user is not [=user present|present=].
- Bit 1: Reserved for future use (`RFU1`).
- Bit 2: [=User Verified=] ([=UV=]) result.
- `1` means the user is [=user verified|verified=].
- `0` means the user is not [=user verified|verified=].
- Bits 3-5: Reserved for future use (`RFU2`).
- Bit 6: [=Attested credential data=] included (`AT`).
- Indicates whether the authenticator added [=attested credential data=].
- Bit 7: Extension data included (`ED`).
- Indicates if the [=authenticator data=] has [=authDataExtensions|extensions=].
</td>
</tr>
<tr>
<td><dfn>signCount</dfn></td>
<td>4</td>
<td>[=Signature counter=], 32-bit unsigned big-endian integer.</td>
</tr>
<tr>
<td><dfn>attestedCredentialData</dfn></td>
<td>variable (if present)</td>
<td>
[=attested credential data=] (if present). See [[#sec-attested-credential-data]] for details. Its length depends on
the [=credentialIdLength|length=] of the [=credentialId|credential ID=] and [=credentialPublicKey|credential public
key=] being attested.
</td>
</tr>
<tr>
<td><dfn lt="authDataExtensions">extensions</dfn></td>
<td>variable (if present)</td>
<td>
Extension-defined [=authenticator data=]. This is a [=CBOR=] [[RFC7049]] map with [=extension identifiers=] as keys,
and [=authenticator extension outputs=] as values. See [[#extensions]] for details.
</td>
</tr>
</table>
<figcaption>
[=Authenticator data=] layout. The names in the Name column are only for reference within this document, and are not
present in the actual representation of the [=authenticator data=].
</figcaption>
</figure>

The [=RP ID=] is originally received from the client when the credential is created, and again when an assertion is generated.
However, it differs from other [=client data=] in some important ways. First, unlike the client data, the [=RP ID=] of a
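Review bot: the reference `[Table 1](#table-authData)` hardcodes the number, while the caption's number comes from the CSS `counter(table)` added in the style block, so inserting any `figure.table` earlier in the document would make the prose say one number and the caption another with no build-time warning. Either keep the number out of the link text (e.g. `[the table below](#table-authData)`) or add a source comment next to the figure noting that prose references must be renumbered by hand.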
Expand Down Expand Up @@ -2905,46 +2926,49 @@ understand the characteristics of the [=authenticators=] that they trust, based
### Attested credential data ### {#sec-attested-credential-data}

<dfn>Attested credential data</dfn> is a variable-length byte array added to the [=authenticator data=] when generating an [=attestation
object=] for a given credential. It has the following format:

<table class="complex data longlastcol">
<tr>
<th>Name</th>
<th>Length (in bytes)</th>
<th>Description</th>
</tr>
<tr>
<td><dfn>aaguid</dfn></td>
<td>16</td>
<td>The AAGUID of the authenticator.</td>
</tr>
<tr>
<td><dfn>credentialIdLength</dfn></td>
<td>2</td>
<td>Byte length <strong>L</strong> of Credential ID, 16-bit unsigned big-endian integer.</td>
</tr>
<tr>
<td><dfn>credentialId</dfn></td>
<td>L</td>
<td>[=Credential ID=]</td>
</tr>
<tr>
<td><dfn>credentialPublicKey</dfn></td>
<td>variable</td>
<td>
The [=credential public key=] encoded in COSE_Key format,
as defined in [=Section 7=] of [[RFC8152]], using the [=CTAP2 canonical CBOR encoding form=].
The COSE_Key-encoded [=credential public key=] MUST contain the "alg" parameter and MUST NOT
contain any other OPTIONAL parameters. The "alg" parameter MUST contain a {{COSEAlgorithmIdentifier}} value.
The encoded [=credential public key=] MUST also contain any additional REQUIRED parameters stipulated by the
relevant key type specification, i.e., REQUIRED for the key type "kty" and algorithm "alg" (see Section 8 of
[[RFC8152]]).
</td>
</tr>
</table>
object=] for a given credential. Its format is shown in [Table 2](#table-attestedCredentialData).

NOTE: The names in the Name column in the above table are only for reference within this document, and are not present in the
actual representation of the [=attested credential data=].
<figure id="table-attestedCredentialData" class="table">
<table class="complex data longlastcol">
<tr>
<th>Name</th>
<th>Length (in bytes)</th>
<th>Description</th>
</tr>
<tr>
<td><dfn>aaguid</dfn></td>
<td>16</td>
<td>The AAGUID of the authenticator.</td>
</tr>
<tr>
<td><dfn>credentialIdLength</dfn></td>
<td>2</td>
<td>Byte length <strong>L</strong> of Credential ID, 16-bit unsigned big-endian integer.</td>
</tr>
<tr>
<td><dfn>credentialId</dfn></td>
<td>L</td>
<td>[=Credential ID=]</td>
</tr>
<tr>
<td><dfn>credentialPublicKey</dfn></td>
<td>variable</td>
<td>
The [=credential public key=] encoded in COSE_Key format,
as defined in [=Section 7=] of [[RFC8152]], using the [=CTAP2 canonical CBOR encoding form=].
The COSE_Key-encoded [=credential public key=] MUST contain the "alg" parameter and MUST NOT
contain any other OPTIONAL parameters. The "alg" parameter MUST contain a {{COSEAlgorithmIdentifier}} value.
The encoded [=credential public key=] MUST also contain any additional REQUIRED parameters stipulated by the
relevant key type specification, i.e., REQUIRED for the key type "kty" and algorithm "alg" (see Section 8 of
[[RFC8152]]).
</td>
</tr>
</table>
<figcaption>
[=Attested credential data=] layout. The names in the Name column are only for reference within this document, and are not
present in the actual representation of the [=attested credential data=].
</figcaption>
</figure>

#### Examples of `credentialPublicKey` Values encoded in COSE_Key format #### {#sctn-encoded-credPubKey-examples}

Expand Down