Proposal for a Trusted Location Extension

Hello All,
Enclosed is proposed text for a verifiable location extension.  Note that this is bi-directional - the RP must request the extension, and the authenticator should provide the associated location data only when requested (i.e. it is not "unprompted" data). I can discuss this on the next conf. call on June 8.

-Giri Mandyam

Verifiable Location Request Extension

This extension allows a WebAuthn Relying Party to request an authenticator to add a verifiable location as extension data to either the packed attestation or assertion.

Extension Identifier

webauthn.loc-request

Client argument

Null

Client processing

This extension can only be used during makeCredential().  If the selected authenticator supports verifiable location, then the client MUST NOT prevent the extension from being returned in either the packed attestation or assertion.

Authenticator argument

If the authenticator supports extension selection AND supports the verifiable location, then the client MUST pass as an argument the extension identifier encoded as a CBOR text string.

Authenticator Processing

The authenticator SHOULD accept or reject the extension selection, and provide an indication to the client.  If the authenticator rejects the extension, then the authenticator SHOULD NOT add verifiable location to the packed attestation or assertion.

Authenticator data

The authenticator SHOULD provide an indication of acceptance or rejection with a CBOR encoded integer value of '1' (indicating acceptance of the requested extension) or '0' (indicating rejection).  Any returned values other than '1' or '0' would constitute rejection.

Verifiable Location Extension

This extension allows an authenticator to add a verifiable location as extension data to either the packed attestation or assertion.

Extension Identifier

webauthn.loc

Client argument

No client argument required.

Client processing

No client processing required.

Authenticator argument

No authenticator argument required.

Authenticator Processing

The authenticator SHOULD only add this extension to a packed attestation or assertion if the relying party has requested it via the webauthn.loc-request extension.

Authenticator data

The authenticator data SHOULD be a CBOR-encoded type 5 map.

Received on Tuesday, 7 June 2016 20:41:07 UTC
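
The acceptance rule and the "only when requested" condition in the message above, sketched as a Relying Party check. This is an added example, not part of the original post or of any WebAuthn draft. It assumes both extension outputs arrive in one CBOR map keyed by extension identifier; the function names and the placeholder location body are constructed for illustration.

```python
# Added example: decoder for a CBOR subset (ints, strings, arrays, maps) + RP check.
# Assumption: both extension outputs sit in one CBOR map keyed by identifier.
def head(buf, i):
    """Return (major type, argument, next offset) for the item at buf[i]."""
    major, info = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if info < 24:
        return major, info, i
    if info > 27:
        raise ValueError("indefinite or reserved length")
    n = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes follow
    if i + n > len(buf):
        raise ValueError("truncated")
    return major, int.from_bytes(buf[i:i + n], "big"), i + n

def decode(buf, i=0):
    """Decode one item; return (value, next offset)."""
    major, arg, i = head(buf, i)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):
        if i + arg > len(buf):
            raise ValueError("truncated")
        raw = bytes(buf[i:i + arg])
        return (raw.decode("utf-8") if major == 3 else raw), i + arg
    if major in (4, 5):
        items = []
        for _ in range(arg * (major - 3)):  # a map holds 2 items per pair
            value, i = decode(buf, i)
            items.append(value)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i
    raise ValueError("tags, floats and simple values are outside this subset")

def check_location(ext_bytes, rp_requested):
    """Return the location map only if every condition in the proposal holds."""
    try:
        ext, end = decode(ext_bytes)
        if end != len(ext_bytes) or not isinstance(ext, dict):
            return None
        status, loc = ext.get("webauthn.loc-request"), ext.get("webauthn.loc")
    except (ValueError, IndexError, TypeError, RecursionError):
        return None  # malformed CBOR is treated as rejection
    accepted = type(status) is int and status == 1  # any other value: rejection
    return loc if (rp_requested and accepted and isinstance(loc, dict)) else None

def txt(s):  # helper for the constructed samples: text string under 24 bytes
    return bytes([0x60 + len(s)]) + s.encode()
def sample(status_item):  # constructed map; the location body {"x": 0} is a placeholder
    return (b"\xa2" + txt("webauthn.loc-request") + status_item
            + txt("webauthn.loc") + b"\xa1" + txt("x") + b"\x00")
```

Location data that arrives without a prior request, or alongside any status other than the integer 1, is discarded rather than trusted.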