W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2016

Proposal for a Trusted Location Extension, rev 2

From: Mandyam, Giridhar <mandyam@qti.qualcomm.com>
Date: Wed, 15 Jun 2016 14:32:44 +0000
To: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <d855070fd05e4ddc87c864cedadd552c@NASANEXM01C.na.qualcomm.com>
Hello All,
Enclosed is a revision of the proposed text for a verifiable location extension.  The proposed extension is still bi-directional (RP must request the extension, and the authenticator should provide the associated location data only when requested), but it has been collapsed into one extension rather than a separate one for request and one for response.

-Giri Mandyam

Verifiable Location Extension

This extension allows a WebAuthn Relying Party to request an authenticator to add a verifiable location as extension data to either the packed attestation or assertion.  The authenticator, if it supports the extension and does not reject the request, can add location data to either a packed attestation or assertion.

Extension Identifier

webauthn.loc

Client argument

Null.

Client processing

This extension can only be used during makeCredential() or getAssertion().  If the selected authenticator supports verifiable location, then the client MUST not prevent the extension authenticator data from being returned in either the packed attestation or assertion.

Authenticator argument

If the authenticator supports extension selection AND supports the verifiable location, then the client MUST pass as an argument the extension identifier encoded as a CBOR text string.

Authenticator Processing

The authenticator SHOULD accept or reject the extension selection, and provide an indication to the client.  This indication SHOULD come in the form of a CBOR encoded integer value of '1' (indicating acceptance of the requested extension) or '0' (indicating rejection).  Any returned values other than '1' or '0' would constitute rejection.

If the authenticator rejects the extension, then the authenticator SHOULD NOT add verifiable location authenticator data to the packed attestation or assertion.  If the authenticator accepts the extension, then the authenticator SHOULD only add this extension to a packed attestation or assertion.

Authenticator data

If the authenticator accepts the extension request, then authenticator data SHOULD provide location data in the form of a CBOR-encoded type 5 map to be included in the packed attestation or assertion.
Received on Wednesday, 15 June 2016 14:33:39 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:21 UTC