Need to add two more properties to AttestationVerificationSuccess #27
Comments
Why do we need them? Are they needed as parameters to the assertion step?
Yes. If you look at the last step in verification procedures: https://www.w3.org/TR/webauthn/#packed-attestation They all say "If successful, return attestation type (ATT_TYPE) and attestation trust path (TRUST_PATH)." Currently we only return credential ID, public key, and user.
Alright. But there doesn't seem to be very defined values. I guess we could use a TypedString with values from the parentheses in https://www.w3.org/TR/webauthn/#sctn-attestation-types
Should the trustpath be an array of byte arrays maybe?
Made some improvements, but still unsure on how to best return the trustpath since it's not always x509 keys?
I don't know what the trust path is supposed to look like either. Definitely something that will need to be researched.
I now have a better understanding of the wording used. We do not need these after all in AttestationVerificationSuccess, but they are needed for step 16 in VerifyAsync. This can be closed out as well.
Attestation type:
From https://www.w3.org/TR/webauthn/#attestation-type
Based on https://www.w3.org/TR/webauthn/#sctn-attestation-types, seems like string, one of "Basic", "Self", "AttCA", "ECDAA", or "None"
Trust path:
https://www.w3.org/TR/webauthn/#attestation-trust-path
Seems like could be empty, a byte array (ECDAA) or a number of byte arrays (x5c where x5c has multiple values).
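One way to model the two values discussed in this issue, as an added example that is not code from the project or from any participant in the thread. The names `AttestationType`, `AttestationOutput` and `ChainsTo` are hypothetical, and the chain check is an assumed caller-side use of the x5c form that needs .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical types for illustration; not the library's API.
public enum AttestationType { None, Self, Basic, AttCA, ECDAA }

public sealed class AttestationOutput
{
    public AttestationType Type { get; }
    // Empty (None, Self), one opaque value (ECDAA), or DER certificates from x5c, leaf first.
    public IReadOnlyList<byte[]> TrustPath { get; }

    public AttestationOutput(AttestationType type, IEnumerable<byte[]> trustPath = null)
    {
        Type = type;
        TrustPath = (trustPath ?? Enumerable.Empty<byte[]>())
            .Select(b => (byte[])b.Clone()).ToList();   // defensive copy

        bool shapeOk;
        switch (type)
        {
            case AttestationType.None:
            case AttestationType.Self:  shapeOk = TrustPath.Count == 0; break;
            case AttestationType.ECDAA: shapeOk = TrustPath.Count == 1; break;
            default:                    shapeOk = TrustPath.Count >= 1; break;
        }
        if (!shapeOk)
            throw new ArgumentException($"Trust path with {TrustPath.Count} element(s) does not fit type {type}.");
    }

    // Assumed caller-side check for the x5c form: does the leaf certificate chain to
    // one of the relying party's accepted roots? Only those roots are trusted here.
    public bool ChainsTo(X509Certificate2Collection acceptedRoots)
    {
        if (Type != AttestationType.Basic && Type != AttestationType.AttCA)
            return false;   // None, Self and ECDAA carry no certificates to validate

        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.AddRange(acceptedRoots);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline example only
            foreach (var der in TrustPath.Skip(1))
                chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(der));
            return chain.Build(new X509Certificate2(TrustPath[0]));
        }
    }
}
```

Rejecting a mismatched type and trust path in the constructor keeps a `None` or `Self` result from ever being passed to certificate validation with leftover bytes attached.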