Patch #1 of multiple. Add webauth .mojom and initial usage of makeCredential.

components/webauth/authenticator.mojom

Index: components/webauth/authenticator.mojom
diff --git a/components/webauth/authenticator.mojom b/components/webauth/authenticator.mojom
new file mode 100644
index 0000000000000000000000000000000000000000..7f747a2449e29a380cb0cef9464d43524c138caa
--- /dev/null
+++ b/components/webauth/authenticator.mojom
@@ -0,0 +1,73 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+[JavaPackage="org.chromium.webauth.mojom"]
+module webauth.mojom;
+
+// This file describes the communication between the WebAuthentication renderer
+// implementation and browser-side implementations to create scoped credentials
+// and use already-created credentials to get assertions.
+// See https://w3c.github.io/webauthn/.
+
+// The public key and attestation that is returned by an authenticator's 
+// call to makeCredential.
+struct ScopedCredentialInfo {
+  array<uint8> client_data;
+  array<uint8> attestation;
+};
+
+// Information about the relying party and the user account held by that 
+// relying party. This information is used by the authenticator to create 
+// or retrieve an appropriate scoped credential for this account.
+struct RelyingPartyAccount {
+  string relying_party_display_name;
+  string display_name;
+  string id;
+  string name;
+  string image_url;
+};
+
+// Parameters that are used to generate an appropriate scoped credential.
+struct ScopedCredentialParameters {
+  ScopedCredentialType type;
+  // TODO(kpaulhamus): add AlgorithmIdentifier algorithm;
+};
+
+// Optional parameters that are used during makeCredential. 
+struct ScopedCredentialOptions {
+  int32 timeout_seconds;

[dcheng, 2017/04/25 12:52:14]

Mind adding a todo to use something like mojo.common.mojom.TimeDelta here as
well in the future?

(No need for image_url, since you mentioned you already have a CL for that)

[kpaulhamus, 2017/05/03 17:00:45]

Yeah, the TODO is present in CL#2 (you made the same comment in that CL)

+  string relying_party_id;
+  array<ScopedCredentialDescriptor> exclude_list;
+  // TODO(kpaulhamus): add Extensions
+};
+
+enum ScopedCredentialType {
+  SCOPEDCRED,
+};
+
+// Describes the credentials that the relying party already knows about for
+// the given account. If any of these are known to the authenticator, 
+// it should not create a new credential.
+struct ScopedCredentialDescriptor {
+  ScopedCredentialType type;
+  array<uint8> id;
+  array<Transport> transports;
+};
+
+enum Transport {
+  USB,
+  NFC,
+  BLE,
+};
+
+// Interface to direct authenticators to create or use a scoped credential.
+interface Authenticator {
+  // Gets the credential info for a new credential created by an authenticator
+  // for the given relying party and account. 
+  MakeCredential(RelyingPartyAccount account_information,
+                 array<ScopedCredentialParameters> crypto_parameters,
+                 array<uint8> attestation_challenge,
+                 ScopedCredentialOptions? options)
+      => (array<ScopedCredentialInfo> scoped_credentials);
+};