- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Mon, 17 Oct 2016 23:59:49 +0000
- To: public-webauthn@w3.org
equalsJeffH has just created a new issue for
https://github.com/w3c/webauthn:
== polish {#sample-authentication} wrt authn assertion validation ==
there seem to be various issues with the middle substep of this step
(9) of {#sample-authentication}..
```
9. If an assertion was successfully generated and returned,
- The script sends the assertion to the server.
- The server examines the assertion and validates that it was
correctly generated.
If so, it looks up the identity associated with the associated
public key; that identity
is now authenticated. If the public key is not recognized by
the server (e.g., deregistered
by server due to inactivity) then the authentication has
failed; each [RP] will handle
this in its own way.
- The server now does whatever it would otherwise do upon
successful authentication --
return a success page, set authentication cookies, etc.
```
..perhaps it should read more like this..
```
9. If an assertion was successfully generated and returned,
- The script sends the assertion to the server.
- The server examines the assertion, extracts the credential ID,
looks up the registered
credential public key in its database, and verifies the
assertion's authentication signature.
If valid, it looks up the identity associated with the
assertion's credential ID; that
identity is now authenticated. If the credential ID is not
recognized by the server (e.g.,
deregistered by server due to inactivity) then the
authentication has failed; each [RP]
will handle this in its own way.
- The server now does whatever it would otherwise do upon
successful authentication --
return a success page, set authentication cookies, etc.
```
..?
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/234 using your GitHub account
Received on Monday, 17 October 2016 23:59:55 UTC