W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

Re: [webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Dec 2017 16:14:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-351100623-1513095293-sysbot+gh@w3.org> 
I think it would be better to add more description regarding this at step 1 of ยง7.2 Verifying an authentication assertion. We need to provide detailed procedures for the RP server to look up credential public key with credential id and user handle. 
We need to mention the fact that the RP server should look up credential public keys with user id before sending an challenge and then select one from the keys after getting an assertion with credential Id in case of 2nd factor use cases.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/715#issuecomment-351100623 using your GitHub account
Received on Tuesday, 12 December 2017 16:15:30 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:30 UTC