W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2016

Re: draft-hodges-webauthn-registries-00

From: Hodges, Jeff <jeff.hodges@paypal.com>
Date: Mon, 20 Jun 2016 14:01:53 +0000
To: Mark Nottingham <mnot@mnot.net>
CC: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <D38D43C4.C6540%jehodges@paypalcorp.com>
On 6/18/16, 6:26 PM, "Mark Nottingham" <mnot@mnot.net> wrote:


>Hey,
>
>A few notes below.
>
>

thanks!

>
>> On 14 Jun 2016, at 4:30 AM, Hodges, Jeff <jeff.hodges@paypal.com> wrote:
>> 
>> Here's an initial cut at an internet-draft creating WebAuthn registries
>>at
>> IANA. It is somewhat based upon RFC5988 by Mark Nottingham.
>> 


>>Network Working Group                                          J. Hodges
>> Internet-Draft                                                    PayPal
>> Intended status: Informational                             June 13, 2016
>> Expires: December 15, 2016
>> 
>> 
>>                        WebAuthn Registries
>>                  draft-hodges-webauthn-registries-00
>> 
>> Abstract
>> 
>>   This specification defines IANA registries for W3C Web Authentication
>>   (WebAuthn) attestation types and extension identifiers.
>> 
>>1.  Introduction
>> 
>>   This specification defines IANA registries for W3C Web Authentication
>>   [WebAuthn] attestation types and extension identifiers, and supplies
>>   initial entries within each registry.
>> 
>> 2.  IANA Considerations
>> 
>> 2.1.  WebAuthn Attestation Types Registry
>> 
>>   This specification establishes the WebAuthn Attestation Types
>>   registry [WebAuthn].  The IANA registration policy is "Specification
>>   Required" per [RFC5226].  Instructions, and a request template, for a
>>   registrant to request the registration of a new WebAuthn Attestation
>>   Type are in Section 2.1.1.  An example registration request is given
>>   in Section 2.1.2.  The initial registry contents are given in
>>   Section 2.1.3.
>> 
>>   The underlying registry data (e.g., the XML file) must include
>>   Simplified BSD License text as described in Section 4.e of the Trust
>>   Legal Provisions (<http://trustee.ietf.org/license-info>).
>> 
>> 2.1.1.  Registering New WebAuthn Attestation Types
>> 
>>   WebAuthn Attestation Types are registered per the IANA registration
>>   policy of "Specification Required" [RFC5226], which implies use of a
>>   Designated Expert (appointed by the IESG (?) (W3C Team?) or their
>>   delegate).
>> 
>>   [[ISSUE: Who ought to appoint the DE and adjudicate any appeals?
>>   IESG (?) or W3C Team?  (appeals process is described below, presently
>>   in terms of IESG)]]
>
>AUIU the IESG officially appoints all DEs, but the registry can ask them
>to consult with a community -- e.g., the W3C -- to find suitable
>candidates. In practice, they'll be very grateful for the help.

"the registry" meaning IANA ?

>
>>   WebAuthn attestation type identifiers are strings whose semantic,
>>   syntactic, uniqueness, and string-matching criteria are specified in
>>   [WebAuthn].
>> 
>>   [[ISSUES: <https://github.com/w3c/webauthn/issues/126>,
>>   <https://github.com/w3c/webauthn/issues/127>]]
>> 
>>   Registration requests consist of the completed registration template,
>>   given below, typically published in a W3C Recommendation, or RFC, or
>>   other Open Standard (in the sense described by [RFC2026], Section 7),
>>   and also submitted via email per the next paragraph.  However, to
>>   allow for the allocation of values prior to publication, the
>>   Designated Expert may approve registration once they are satisfied
>>   that a specification will be published.
>
>It's strongly encouraged to explicitly reference one of the registration
>policies in RFC5226 section 4.1 by name.

"specification required" is declared up above.


>
>> 
>>   Registration requests should be sent to ...
>
>FWIW -- I kind of wish you hadn't take 5988 as a starting point; in
>practice, we've found that to be overly bureaucratic and over-specified.
>I've stated a 5988bis; see:
>  https://mnot.github.io/I-D/rfc5988bis/#link-relation-type-registry

thx for the pointer -- easy enough to follow that as an example...

thx again,
=JeffH
Received on Monday, 20 June 2016 14:02:30 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:21 UTC