W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

[webauthn] CDDL for attStmtType is confusing

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Tue, 19 Sep 2017 23:26:06 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-258994849-1505863555-sysbot+gh@w3.org>
jcjones has just created a new issue for https://github.com/w3c/webauthn:

== CDDL for attStmtType is confusing ==
When implementing the [CBOR-encoded Attestation Object](https://w3c.github.io/webauthn/#generating-an-attestation-object), the `attStmtTemplate` defines `attStmt` to be `bytes`:

```
attObj = {
            authData: bytes,
            $$attStmtType
         }

attStmtTemplate = (
                      fmt: text,
                      attStmt: bytes
                  )

; Every attestation statement format must have the above fields
attStmtTemplate .within $$attStmtType
```

However, all of the definitions of the `attStmtType` actually override the `attStmt` to be some other type, namely a **map**. E.g.:

```
  $$attStmtType //= (
                        fmt: "fido-u2f",
                        attStmt: u2fStmtFormat
                    )
  u2fStmtFormat = {
                      x5c: [ attestnCert: bytes, * (caCert: bytes) ],
                      sig: bytes
                  }
```

Defining it at the top-level as **bytes** is confusing, then. It's probably better to define the top-level as a blank map, so that it's clear what the type repeatedly is.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/577 using your GitHub account
Received on Tuesday, 19 September 2017 23:25:59 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC