Matthew Miller

icon indicating a website link https://blog.millerti.me

icon company Duo Security at @cisco-sbg icon location CA, USA icon location (a.k.a. IAmKale) I write lots of TypeScript, but am also quite fond of Python. A driving question: how can I make life easier for other devs? 🤔

Results 39 issues of Matthew Miller

Rename `AuthenticatorDevice` type and usage

## Describe the issue I don't like that the "`authenticator`" argument in `verifyAuthenticationResponse()` is of type "`AuthenticatorDevice`". I decided these names four years ago, and in retrospect it should have...

Add cross-origin flag verification

1 comment

## Describe the issue WebAuthn L3 is being updated with explicit verification steps for the `clientDataJSON.crossOrigin` flag: https://github.com/w3c/webauthn/pull/2166 I should update both `verifyRegistrationResponse()` and `verifyAuthenticationResponse()` to support verifying this flag...

Feature: allow hints without attachment

6 comment

I got another ask to consider enabling testing of hints without setting `authenticatorAttachment`. I should probably enable this, if it helps out certain browser vendors roll out hints support...

Alternative error codes

6 comment

This PR proposes alternative [WHATWG `DOMException` errors](https://webidl.spec.whatwg.org/#idl-DOMException-error-names) to be raised across various WebAuthn interactions. There is an assumption that the user has meaningfully interacted with some part of the ceremony...

@Risk

Return more nuanced errors

7 comment

These suggestions were pulled out of a comment I made in https://github.com/w3c/webauthn/issues/2062#issuecomment-2093823953. This new issue pulls out the five new errors I'm proposing we add to WebAuthn to help restart...

type:technical

Add a11y guidance for user agents

This PR adds informative guidance to user agents encouraging them to mediate presentation and issuance requests in a way that supports a wide range of accessible inputs and outputs. The...

Horizontal Review - Accessibility

1 comment

## Description Work through [this questionnaire](https://w3c.github.io/apa/fast/checklist.html) then [request a review via GitHub](https://github.com/w3c/a11y-request/issues/new/choose) from [APA](https://www.w3.org/WAI/APA/) Reviewing the checklist can be used to bootstrap initial content for the Accessibility Consideration of the...

w3c-process

Horizontal Review - Privacy

1 comment

## Description Write a "Privacy Considerations" section for your document, taking into account the [Self-Review Questionnaire: Security and Privacy](https://www.w3.org/TR/security-privacy-questionnaire/), [Mitigating Browser Fingerprinting in Web Specifications](https://www.w3.org/TR/fingerprinting-guidance/), and [RFC6973](https://www.rfc-editor.org/rfc/rfc6973.html) then [request a...

w3c-process

Horizontal Review - Security

## Description Write a "Security Considerations" section for your document, taking into account the [Self-Review Questionnaire: Security and Privacy](https://www.w3.org/TR/security-privacy-questionnaire/), then [request a review via GitHub](https://github.com/w3c/security-request/issues/new/choose)

w3c-process

Horizontal Review - Internationalization

## Description Read the [Request a review page](https://www.w3.org/International/review-request), then work through the [Short Checklist](https://www.w3.org/International/i18n-drafts/techniques/shortchecklist), then [request a review via GitHub](https://github.com/w3c/i18n-request/issues/new/choose).

w3c-process