[webauthn] Clarify uses of ClientData

gmandyam has just created a new issue for 

== Clarify uses of ClientData ==
As per https://w3c.github.io/webauthn/#sec-client-data,

"The client data represents the contextual bindings of both the 
Relying Party and the client platform."  This implies that 
authenticator contextual bindings are not included in the ClientData.
  Moreover, all dictionary entries listed in this section (challenge, 
rpId, etc.) do not represent values that are set by the authenticator.

Yet ihttps://w3c.github.io/webauthn/#sec-android-attestation-signature
 defines platform-specific extensions to ClientData that are 
authenticator specific, which implies a contextual binding of the 

My suggestion is to prohibit such platform-specific extensions to 

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/209 using your GitHub account

Received on Saturday, 17 September 2016 13:54:05 UTC