[w3c/webauthn] 6f11f1: Make attestation more modular (#161)

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: 6f11f1ac889a7e7913d6eb45df0ecf76b577e1cd
      https://github.com/w3c/webauthn/commit/6f11f1ac889a7e7913d6eb45df0ecf76b577e1cd
  Author: Vijay Bharadwaj <vijaybh@users.noreply.github.com>
  Date:   2016-09-20 (Tue, 20 Sep 2016)

  Changed paths:
    M images/fido-signature-formats-figure1.svg
    M index.bs

  Log Message:
  -----------
  Make attestation more modular (#161)

* Replace facet with origin

Facet was a holdover from the old FIDO specs and origin is the term used
everywhere in this spec (as well as in recent FIDO specs).

* Clean up explanation of computing clientDataHash and passing to authenticator

Fixes #153

* Remove text from authnsel extension to avoid chicken-and-egg problem

Fixes #152

* Clean up attestation

- Standardize the authenticator data so all formats have equal support
  for AAGUID, extensions, etc. This also removes a lot of duplication
  across structures.
- Add structure to the definition of attestation formats. Fixes #126.
  Fixes #127.
- Simplify the naming of the attestation types to make it easier to
  understand.
- Clean up mentions of GUID. Fixes #148, fixes #149, fixes #150.
- Clarifies how to use self attestation. Fixes #115.
- More detailed pointers on how to generate a TPM attestation.
- Simplify Android attestation to remove fields that were not really
  attested by authenticator and were therefore creating a false sense of
  assurance.

* Fix typo (thanks Travis!)

* Incorporated feedback from @rlin1

Also cleaned up wording and naming for consistency.

Added Android N attestation format. Fixes #103.

Changed name for SafetyNet attestation format. Fixes #128.

* Clarify that attestation is not optional

Fixes #86

Also clarify that at least self attestation must be used. Fixes #115

Received on Tuesday, 20 September 2016 08:05:06 UTC