- From: Mandyam, Giridhar <mandyam@qti.qualcomm.com>
- Date: Tue, 7 Jun 2016 20:40:35 +0000
- To: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <fe38859ac7b940129e65de9d57764b14@NASANEXM01C.na.qualcomm.com>

Hello All,

Enclosed is proposed text for a verifiable location extension. Note that this is bi-directional - the RP must request the extension, and the authenticator should provide the associated location data only when requested (i.e. it is not "unprompted" data). I can discuss this on the next conf. call on June 8.

-Giri Mandyam

Verifiable Location Request Extension

This extension allows a WebAuthn Relying Party to request an authenticator to add a verifiable location as extension data to either the packed attestation or assertion.

Extension Identifier
webauthn.loc-request

Client argument
Null

Client processing
This extension can only be used during makeCredential(). If the selected authenticator supports verifiable location, then the client MUST not prevent the extension from being returned in either the packed attestation or assertion.

Authenticator argument
If the authenticator supports extension selection AND supports the verifiable location, then the client MUST pass as an argument the extension identifier encoded as a CBOR text string.

Authenticator Processing
The authenticator SHOULD accept or reject the extension selection, and provide an indication to the client. If the authenticator rejects the extension, then the authenticator SHOULD NOT add verifiable location to the packed attestation or assertion.

Authenticator data
The authenticator SHOULD provide an indication of acceptance or rejection with a CBOR encoded integer value of '1' (indicating acceptance of the requested extension) or '0' (indicating rejection). Any returned values other than '1' or '0' would constitute rejection.

Verifiable Location Extension

This extension allows an authenticator to add a verifiable location as extension data to either the packed attestation or assertion.

Extension Identifier
webauthn.loc

Client argument
No client argument required.

Client processing
No client processing required.

Authenticator argument
No authenticator argument required.

Authenticator Processing
The authenticator SHOULD only add this extension to a packed attestation or assertion if the relying party has requested it via the webauthn.loc-request extension.

Authenticator data
The authenticator data SHOULD be a CBOR-encoded type 5 map.

Received on Tuesday, 7 June 2016 20:41:07 UTC
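
The following is an added example, not part of the original message or of any WebAuthn implementation: a relying-party-side sketch of the checks the proposed text implies, using a minimal hand-written CBOR head parser. The function names and sample bytes are constructed, and dropping location data that was not requested or not accepted is this example's assumption about RP policy.

```python
# Added illustration; helper names are hypothetical, not from the proposal.

def cbor_head(buf):
    """Return (major_type, argument, header_len) of the first CBOR data item."""
    if not buf:
        raise ValueError("empty CBOR item")
    major, info = buf[0] >> 5, buf[0] & 0x1F
    if info < 24:                       # argument stored in the initial byte
        return major, info, 1
    if info <= 27:                      # 1, 2, 4 or 8 following argument bytes
        n = 1 << (info - 24)
        if len(buf) < 1 + n:
            raise ValueError("truncated CBOR head")
        return major, int.from_bytes(buf[1:1 + n], "big"), 1 + n
    raise ValueError("reserved or indefinite length not handled")

def encode_identifier(identifier):
    """Encode an extension identifier as a CBOR text string (major type 3)."""
    raw = identifier.encode("utf-8")
    if len(raw) < 24:
        return bytes([0x60 | len(raw)]) + raw
    if len(raw) < 256:
        return bytes([0x78, len(raw)]) + raw
    raise ValueError("identifier too long for this sketch")

def request_accepted(output):
    """True only for the CBOR unsigned integer 1; anything else is rejection."""
    try:
        major, value, used = cbor_head(output)
    except ValueError:
        return False
    return major == 0 and value == 1 and used == len(output)

def location_usable(requested, request_output, loc_output):
    """Use webauthn.loc data only if it was requested, accepted, and is a map."""
    if not requested or not request_accepted(request_output):
        return False                    # assumption: unprompted data is dropped
    try:
        major, _, _ = cbor_head(loc_output)
    except ValueError:
        return False
    return major == 5                   # type 5 map; keys are not defined here

if __name__ == "__main__":
    print(encode_identifier("webauthn.loc-request").hex())
    print(location_usable(True, b"\x01", b"\xa0"))   # constructed empty map
```

The map check stops at the major type because the proposed text does not define the keys of the location map.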