This repository has been archived by the owner on Feb 16, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
/
index.html
104 lines (99 loc) · 3.39 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>uuid</title>
<script src="https://www.w3.org/Tools/respec/respec-w3c" class="remove"></script>
<script class='remove'>
"use strict";
// See https://github.com/w3c/respec/wiki/ for how to configure ReSpec
var respecConfig = {
"githubAPI": "WICG/uuid",
"editors": [{
name: "bcoe",
email: "bencoe@google.com",
company: "Google",
companyURL: "https://google.com",
},
// Add additional editors here.
// https://github.com/w3c/respec/wiki/editors
],
otherLinks: [{
key: 'Participation',
data: [
{
value: 'GitHub repository',
href: 'https://github.com/WICG/visual-viewport/'
}
]
}],
"shortName": "uuid",
"specStatus": "CG-DRAFT",
"group": "wicg"
};
</script>
</head>
<body>
<section id="abstract">
<p>
This specification describes an API for generating character encoded
Universally Unique Identifiers (UUID) based on [[RFC4122]], available
as a method on the
<code><dfn data-cite="WebCryptoAPI/#dfn-Crypto">Crypto</dfn></code>
interface.
</p>
</section>
<section id='sotd'>
</section>
</section>
<section id="introduction">
<h2>Introduction</h2>
<em>This section is non-normative.</em>
<h3 class="heading settled" data-level="1.1" id="intro">
<span class="secno">1.1 </span>
<span class="content">Motivation</span>
<a class="self-link" href="#intro"></a>
</h3>
<h4>UUID generation is a common software requirement</h3>
<p>
The <a href="https://www.npmjs.com/package/uuid">uuid library</a> on npm
currently receives 131,000,000 monthly downloads and is relied on by over
2,600,000 repositories (as of June 2019).
</p>
<p>
The ubiquitous nature of the `uuid` module demonstrates that UUID generation is a common
requirement for JavaScript software applications, making the functionality a good candidate for the
standard library.
</p>
<h4>Developers "re-inventing the wheel" is potentially harmful</h4>
<p>
Developers who have not been exposed to [[RFC4122]] might naturally opt to invent their own approaches
to UUID generation, potentially using <code>Math.random()</code> (in <a href="https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d">TIFU by using <code>Math.random()</code></a>
there's an in-depth discussion of why a Cryptographically-Secure-Pseudo-Random-Number-Generator
(CSPRNG) should be used when generating UUIDs. Of primary concern is that, without a high-quality source
of randomness, collisions can frequently occur.
</p>
<p>
Introducing a UUID standard library, which dictates that a CSPRNG must be used, helps protect
developers from security pitfalls.
</p>
</section>
<section id="conformance"></section>
<section>
<h2>Description</h2>
<section data-dfn-for="Crypto">
<h3>Extensions to the <code>Crypto</code> interface</h3>
<p>
The <dfn data-cite="WebCryptoAPI/#dfn-Crypto">Crypto</dfn> interface is
defined in [[!WebCryptoAPI]].
</p>
<pre class="idl">
[Exposed=(Window,Worker)]
partial interface <dfn id="dfn-Crypto"></dfn>Crypto</dfn> {
DOMString randomUUID();
};
</pre>
</section>
</section>
</body>
</html>