Skip to content

Commit 5b169df

Browse files
emlunemlun
committed
Move Features section first in README
1 parent 1aa00d9 commit 5b169df

File tree

1 file changed

+23
-23
lines changed

1 file changed

+23
-23
lines changed

README

Lines changed: 23 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,29 @@ If you are, we urge you to upgrade your Java deployment to a version that is saf
3333
toc::[]
3434

3535

36+
== Features
37+
38+
- Generates request objects suitable as parameters to
39+
`navigator.credentials.create()` and `.get()`
40+
- Performs all necessary
41+
https://www.w3.org/TR/webauthn/#sctn-rp-operations[validation logic] on the
42+
response from the client
43+
- No mutable state or side effects - everything (except builders) is thread safe
44+
- Optionally integrates with an "attestation trust source" to verify
45+
https://www.w3.org/TR/webauthn/#sctn-attestation[authenticator attestations]
46+
- Reproducible builds: release signatures match fresh builds from source. See
47+
link:#reproducible-builds[Reproducible builds] below.
48+
49+
50+
=== Non-features
51+
52+
This library has no concept of accounts, sessions, permissions or identity
53+
federation, and it is not an authentication framework; it only deals with
54+
executing the WebAuthn authentication mechanism. Sessions, account management
55+
and other higher level concepts can make use of this authentication mechanism,
56+
but the authentication mechanism alone does not make a security system.
57+
58+
3659
== Dependency configuration
3760

3861
Maven:
@@ -82,29 +105,6 @@ In addition to the main `webauthn-server-core` module, there is also:
82105
https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-attestation[attestation statements].
83106

84107

85-
== Features
86-
87-
- Generates request objects suitable as parameters to
88-
`navigator.credentials.create()` and `.get()`
89-
- Performs all necessary
90-
https://www.w3.org/TR/webauthn/#sctn-rp-operations[validation logic] on the
91-
response from the client
92-
- No mutable state or side effects - everything (except builders) is thread safe
93-
- Optionally integrates with an "attestation trust source" to verify
94-
https://www.w3.org/TR/webauthn/#sctn-attestation[authenticator attestations]
95-
- Reproducible builds: release signatures match fresh builds from source. See
96-
link:#reproducible-builds[Reproducible builds] below.
97-
98-
99-
=== Non-features
100-
101-
This library has no concept of accounts, sessions, permissions or identity
102-
federation, and it is not an authentication framework; it only deals with
103-
executing the WebAuthn authentication mechanism. Sessions, account management
104-
and other higher level concepts can make use of this authentication mechanism,
105-
but the authentication mechanism alone does not make a security system.
106-
107-
108108
== Documentation
109109

110110
See the

0 commit comments

Comments
 (0)