- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 Jul 2016 21:50:38 +0000
- To: public-webauthn@w3.org
wrt @gmandyam's comment https://github.com/w3c/webauthn/issues/108#issuecomment-235894994 ...

> @equalsjeffh wrote..
>> Re: "if we keep the specification of the presently-known webauthn attestation formats in the webauthn spec"
> In my opinion, the only attestation format specification format that might be kept in the spec is packed, because it is defined in the WebAuthn standard itself. Since the other types of attestations are defined by other organizations,

I'm sorry, but I disagree with the latter claim -- other orgs may define the core components of the attestation facilities leveraged by webauthn, i.e., specifically that of TPMs and of Android SafetyNet -- we however need to specify **how** we leverage those facilities in the context of WebAuthn. It is not sufficient to simply point at the TPM specs and the SafetyNet specs and say "just do that stuff and plug the resultant blob in here".

> the attestation registry can hold those references (to specifications for Android platform, TCG/TPM, etc).

As far as I understand, W3C specs can, and do, reference non-W3C specifications, and so having references to TPM and Android SafetyNet should not be an issue in and of themselves. Note also that they are not "Mandatory To Implement" in the context of the WebAuthn spec.

> One possibility is to create a new W3C specification for packed attestation, and include the reference to it in the registry. This way, we can be internally consistent with the registry approach.

I do not agree that just because we (will) have a registry, that there is any valuable consistency to be gained by having all the attestation format webauthn-specific normative text in specs other than WebAuthn. I think we ought to place in the WebAuthn spec the attestation format webauthn-specific normative text we know about at this time in the WebAuthn spec proper for essentially the same reasons @selfissued argues for doing so.

--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/108#issuecomment-236036079 using your GitHub account

Received on Thursday, 28 July 2016 21:50:45 UTC