[webauthn] tokenBinding in ClientData should be a binary type (perhaps base64) and not JsonWebKey

vijaybh has just created a new issue for 
https://github.com/w3c/webauthn:

== tokenBinding in ClientData should be a binary type (perhaps base64) and not JsonWebKey ==
The current Token Binding drafts at 
https://datatracker.ietf.org/doc/draft-ietf-tokbind-protocol/ define a 
binary token binding ID - currently this is just a serialization of 
the public key but the idea is to create an abstraction where it might 
include other things in future. My understanding is that users of 
this protocol would be encouraged to treat the TB ID as an opaque 
binary blob and do bitwise comparisons.

Accordingly, it seems better to change the type of tokenBinding from 
JsonWebKey to a binary type. Since the ClientData is serialized and 
hashed into clientDataHash, it seems reasonable to do base64 rather 
than an array type, just to make for a less messy JSON serialization.

@balfanz is our resident Token Binding expert - any thoughts on this?

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/163 using your GitHub account

Received on Friday, 12 August 2016 17:04:27 UTC
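
An added example, not part of the original issue or of the WebAuthn or Token Binding drafts: a relying-party check that treats the token binding ID as an opaque blob carried as a base64 string in ClientData, as the issue proposes. It assumes unpadded base64url for the `tokenBinding` value and SHA-256 for `clientDataHash`; the function names, the `challenge` member and the sample TB ID are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample: 40 opaque bytes standing in for a Token Binding ID.
SAMPLE_TB_ID = bytes(range(40))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_client_data(tb_id: bytes, challenge: str = "constructed-challenge") -> bytes:
    """Serialize a minimal ClientData; members other than tokenBinding are assumed."""
    body = {"challenge": challenge, "tokenBinding": b64url_encode(tb_id)}
    return json.dumps(body).encode("utf-8")

def client_data_hash(client_data_json: bytes) -> bytes:
    # Hash the exact serialized bytes; SHA-256 is an assumption of this example.
    return hashlib.sha256(client_data_json).digest()

def token_binding_matches(client_data_json: bytes, tls_tb_id: bytes) -> bool:
    """True only if ClientData carries the same TB ID bytes as the TLS connection."""
    if not tls_tb_id:
        return False  # no token binding on this connection: nothing to match
    try:
        claimed = json.loads(client_data_json).get("tokenBinding")
        if not isinstance(claimed, str):
            return False  # e.g. a JsonWebKey object instead of a string
        claimed_bytes = b64url_decode(claimed)
    except (ValueError, AttributeError):
        return False  # bad JSON, non-object JSON, or bad base64
    if b64url_encode(claimed_bytes) != claimed:
        return False  # reject non-canonical encodings of the same bytes
    # Bitwise, constant-time comparison; the ID's internal structure is never parsed.
    return hmac.compare_digest(claimed_bytes, tls_tb_id)

if __name__ == "__main__":
    data = make_client_data(SAMPLE_TB_ID)
    print(token_binding_matches(data, SAMPLE_TB_ID), client_data_hash(data).hex())
```

Because the comparison is over raw bytes, the check keeps working unchanged if a future Token Binding ID carries more than a serialized public key.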