- From: bifurcation via GitHub <sysbot+gh@w3.org>
- Date: Wed, 08 Feb 2017 17:57:43 +0000
- To: public-webauthn@w3.org
bifurcation has just created a new issue for https://github.com/w3c/webauthn: == Expose credential public key in `ScopedCredential` == The result of a `makeCredential` call provides certain information about a credential: * Type * ID * Public key * RP ID associated to the credential Of these four elements, only the Type and ID are exposed in the `ScopedCredential` object. The other two are buried in the `authenticatorData` field of the `AuthenticatorAttestation` object. For the RP ID, that's fine; this is just reflecting back a value the caller specified. The public key, however, is generated by the the authenticator, and needs to be accessible to the RP in order for it to verify assertions. Instead of forcing the RP to parse the public key out of the `authenticatorData`, the API should expose the public key as an attribute on `ScopedCredential` in a way that can be more directly used, e.g., as a JWK that can be used with WebCrypto. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/337 using your GitHub account
Received on Wednesday, 8 February 2017 17:57:51 UTC