Re: [webauthn] Add acceptable trust anchors to AuthenticatorSelectionCriteria

WRT the orig post (OP) https://github.com/w3c/webauthn/issues/461#issue-228097099: note that preceding Step 11 of [Registering a new credential](https://w3c.github.io/webauthn/#registering-a-new-credential) says:
> ...obtain a list of acceptable trust anchors (attestation root certificates or ECDAA-Issuer public keys) for that attestation type and attestation statement format fmt, from a trusted source or from policy. For example, the FIDO Metadata Service [FIDOMetadataService] provides one way to obtain such information, using the AAGUID in the attestation data contained in authData.

Which means an RP in (2) above will likely have such information on-hand.  

Though, having a means for the RP to indicate to the client which authnrs are acceptable when invoking the [[Create]](options) method is advantageous from various UX perspectives. This is the crux of the OP, yes?

There currently is the [Authenticator Selection extension](https://w3c.github.io/webauthn/#sctn-authenticator-selection-extension) for this, as well as PR #479 (which obviates the former extension). 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/461#issuecomment-306920447 using your GitHub account

Received on Wednesday, 7 June 2017 20:49:44 UTC
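
The lookup the quoted Step 11 text describes, sketched as an added example (not code from the comment above or from the WebAuthn spec): the RP reads the AAGUID out of `authData` and uses it to select trust anchors from metadata it already holds. The authData offsets follow the WebAuthn Level 1 layout; the AAGUID, the anchor label, the `example.org` RP ID and all function names are constructed for illustration.

```python
import hashlib
import struct
import uuid

AT_FLAG = 0x40  # authData flags bit: attested credential data included

# Constructed stand-in for what an RP loaded from a trusted source or policy
# (e.g. FIDO Metadata Service entries). AAGUID and anchor label are made up.
KNOWN_AAGUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
TRUST_ANCHORS = {KNOWN_AAGUID: ["<placeholder attestation root certificate>"]}


def extract_aaguid(auth_data: bytes) -> uuid.UUID:
    """Pull the AAGUID out of WebAuthn authenticator data (authData)."""
    # Fixed header: rpIdHash (32) + flags (1) + signCount (4) = 37 bytes.
    if len(auth_data) < 37:
        raise ValueError("authData shorter than its fixed header")
    if not auth_data[32] & AT_FLAG:
        raise ValueError("AT flag clear: no attested credential data")
    # Attested credential data: aaguid (16) + credentialIdLength (2) + id + key.
    if len(auth_data) < 55:
        raise ValueError("attested credential data truncated")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credentialId runs past the end of authData")
    return uuid.UUID(bytes=auth_data[37:53])


def acceptable_trust_anchors(auth_data: bytes, table=TRUST_ANCHORS) -> list:
    """Anchors to verify the attestation against; [] means none are known."""
    return list(table.get(extract_aaguid(auth_data), []))


def sample_auth_data(aaguid: uuid.UUID, flags: int = 0x41) -> bytes:
    """Build constructed authData (UP|AT set by default) for the demo."""
    cred_id = bytes(range(16))
    head = hashlib.sha256(b"example.org").digest() + bytes([flags]) + struct.pack(">I", 0)
    if not flags & AT_FLAG:
        return head
    # A stub byte stands in for the COSE public key, which is not parsed here.
    return head + aaguid.bytes + struct.pack(">H", len(cred_id)) + cred_id + b"\xa0"


if __name__ == "__main__":
    print(acceptable_trust_anchors(sample_auth_data(KNOWN_AAGUID)))
    print(acceptable_trust_anchors(sample_auth_data(uuid.uuid4())))
```

An empty list means the RP holds no anchors for that authenticator model, so whether to accept the registration is left to RP policy.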