W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

[webauthn] #getAssertion alg needs to pass authenticator selection requirements to authenticatorGetAssertion operation

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Oct 2017 21:03:19 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-265418240-1507928584-sysbot+gh@w3.org>
equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== #getAssertion alg needs to pass authenticator selection requirements to authenticatorGetAssertion operation ==
Ostensibly, RPs want/need to pass authenticatorSelection.requireUserVerification (aka "uv" in [CTAP](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#authenticatorGetAssertion) parlance) in the [#getAssertion](https://w3c.github.io/webauthn/#getAssertion) call, per issue #629.

However, [authenticatorSelectionCriteria](https://w3c.github.io/webauthn/#authenticatorSelection) is part of [MakePublicKeyCredentialOptions](https://w3c.github.io/webauthn/#dictionary-makecredentialoptions), **_which is not passed at all_** to [#getAssertion](https://w3c.github.io/webauthn/#getAssertion), and thus is not subsequently passed to [webauthn's authenticatorGetAssertion operation](https://w3c.github.io/webauthn/#op-get-assertion), which subsequently needs to pass both "uv" and "up" booleans as options to, for example, [CTAP's authenticatorGetAssertion command](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#authenticatorGetAssertion).
 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/644 using your GitHub account
Received on Friday, 13 October 2017 21:03:08 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC