Patch #1 of multiple. Add webauth .mojom and initial usage of makeCredential.

components/webauth/authenticator.mojom

Index: components/webauth/authenticator.mojom
diff --git a/components/webauth/authenticator.mojom b/components/webauth/authenticator.mojom
new file mode 100644
index 0000000000000000000000000000000000000000..98130b555960a175e6e89f1945d3aa31ac67abd8
--- /dev/null
+++ b/components/webauth/authenticator.mojom
@@ -0,0 +1,73 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+[JavaPackage="org.chromium.webauth.mojom"]
+module webauth.mojom;
+
+// This file describes the communication between the WebAuthentication renderer
+// implementation and browser-side implementations to create scoped credentials
+// and use already-created credentials to get assertions.
+// See https://w3c.github.io/webauthn/.
+
+// The public key and attestation that is returned by an authenticator's 
+// call to makeCredential.
+struct ScopedCredentialInfo {
+  array<uint8> client_data;
+  array<uint8> attestation;
+};
+
+// Information about the relying party and the user account held by that 
+// relying party. This information is used by the authenticator to create 
+// or retrieve an appropriate scoped credential for this account.
+struct RelyingPartyAccount {
+  string relying_party_display_name;
+  string display_name;
+  string id;
+  string name;
+  string image_url;
+};
+
+// Parameters that are used to generate an appropriate scoped credential.
+struct ScopedCredentialParameters {
+  ScopedCredentialType type;
+  // TODO(kpaulhamus): add AlgorithmIdentifier algorithm;
+};
+
+// Optional parameters that are used during makeCredential. 
+struct ScopedCredentialOptions {
+  int32 timeout_seconds;
+  string relying_party_id;
+  array<ScopedCredentialDescriptor> exclude_list;
+  // TODO(kpaulhamus): add Extensions
+};
+
+enum ScopedCredentialType {
+  SCOPEDCRED,
+};
+
+// Describes the credentials that the relying party already knows about for
+// the given account. If any of these are known to the authenticator, 
+// it should not create a new credential.
+struct ScopedCredentialDescriptor {
+  ScopedCredentialType type;
+  array<uint8> id;

[dcheng, 2017/04/24 12:25:26]

Similarly, any structure or form to |id| here? Are there any limits on the size
of inputs here?

[kpaulhamus, 2017/04/24 17:48:34]

Ah, yeah, 255 bytes. Would I note that in a comment and then enforce during the
conversion?

[dcheng, 2017/04/25 12:52:14]

I guess that's the best we can do for now, sadly.

+  array<Transport> transports;
+};
+
+enum Transport {
+  USB,
+  NFC,
+  BLE,
+};
+
+// Interface to direct authenticators to create or use a scoped credential.
+interface Authenticator {
+  // Gets the credential info for a new credential created by an authenticator
+  // for the given relying party and account. 
+  makeCredential(RelyingPartyAccount account_information,

[dcheng, 2017/04/24 12:25:26]

Nit: MakeCredential

[kpaulhamus, 2017/04/24 17:48:34]

Done.

+                 array<ScopedCredentialParameters> crypto_parameters,
+                 array<uint8> attestation_challenge,

[dcheng, 2017/04/24 12:25:26]

Similar question here: is this byte array input fixed size? Is there a
reasonable upper bound?

[kpaulhamus, 2017/04/24 17:48:34]

Nope, this is just an encrypted blob with stuff for the server to use to store
state.

+                 ScopedCredentialOptions? options)
+      => (array<ScopedCredentialInfo> scoped_credentials);

[dcheng, 2017/04/24 12:25:26]

I might be reading the spec incorrectly, but it seems like the makeCredential()
web API only returns one ScopedCredentialInfo. Does this need to return an
array?

[kpaulhamus, 2017/04/24 17:48:34]

No, you're reading it correctly; the spec changed. The mojom correctly reflects
it in this downstream patch: https://codereview.chromium.org/2788823002/

+};