Proposal for W3C-style Attestation Registry

Bearing in mind the proposal in, I am enclosing a proposal for an attestation registry that is more in line with recent W3C registries such as the one for MSE bytestream formats (  Note the following:

a)      It is not clear (at least to me) how best to handle additional clientData for candidate attestation formats.  I am proposing that any new attestation format must specify any extensions to the ClientData dictionary it requires, but I am unclear as to whether this should even be allowed for candidate attestation formats.  If such information is missing from the corresponding specification for a candidate attestation format, then it will be assumed that clientData defaults to whatever the client implementation (user agent) supports.

b)      Proprietary attestation formats should be clearly designated as such, and I am suggesting to do so with a vendor prefix.  An example would be SafetyNet.

c)      I used the "type" attribute as this is consistent with the current specification.

d)      Disregard the self-referring hyperlinks in this document (e.g.  These can be updated if the group decides to adopt this registry.

-Giri Mandyam, Qualcomm

Received on Tuesday, 23 August 2016 14:18:25 UTC