[webauthn] #getAssertion alg needs to pass authenticator selection requirements to authenticatorGetAssertion operation from =JeffH via GitHub on 2017-10-13 (public-webauthn@w3.org from October 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Oct 2017 21:03:19 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-265418240-1507928584-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== #getAssertion alg needs to pass authenticator selection requirements to authenticatorGetAssertion operation ==
Ostensibly, RPs want/need to pass authenticatorSelection.requireUserVerification (aka "uv" in [CTAP](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#authenticatorGetAssertion) parlance) in the [#getAssertion](https://w3c.github.io/webauthn/#getAssertion) call, per issue #629.

However, [authenticatorSelectionCriteria](https://w3c.github.io/webauthn/#authenticatorSelection) is part of [MakePublicKeyCredentialOptions](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions), **_which is not passed at all_** to [#getAssertion](https://w3c.github.io/webauthn/#getAssertion), and thus is not subsequently passed to [webauthn's authenticatorGetAssertion operation](https://w3c.github.io/webauthn/#op-get-assertion), which subsequently needs to pass both "uv" and "up" booleans as options to, for example, [CTAP's authenticatorGetAssertion command](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#authenticatorGetAssertion).
 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/644 using your GitHub account

Received on Friday, 13 October 2017 21:03:08 UTC