W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Propose procedure for adding to attestation/extension registry

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Apr 2018 21:32:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-384441122-1524691939-sysbot+gh@w3.org>
[draft-hodges-webauthn-registries](https://tools.ietf.org/html/draft-hodges-webauthn-registries) defines two to-be-created IANA registries:
1. [WebAuthn Attestation Statement Format Identifier Registry](https://tools.ietf.org/html/draft-hodges-webauthn-registries#section-2)
2. [WebAuthn Extension Identifier Registry

[WRT](https://en.wiktionary.org/wiki/with_respect_to#English) the selection and appointment of Designated Experts, [draft-hodges-webauthn-registries-01](https://tools.ietf.org/html/draft-hodges-webauthn-registries-01) says in both of the above-cited sections:

> [identifiers] are registered on the advice of a Designated Expert (appointed by the IESG **_or their delegate_**) ...  [emphasis added]

..so the details of appointing the DEs can be negotiated with the IETF Area Directors (who make up the [IESG](https://www.ietf.org/about/groups/iesg/)) by WebAuthn WG folk in company with W3C Team folk. I think [draft-hodges-webauthn-registries](https://tools.ietf.org/html/draft-hodges-webauthn-registries) is as specific as it needs to be about this. Perhaps @selfissued has some news on this (see also his above https://github.com/w3c/webauthn/issues/303#issuecomment-288259448) from the recent IETF-101 London.

> For a proposed attestation format or extension to be added to the registry, the proposer must follow these guidelines: [...]

..from the [original post (OP)](https://github.com/w3c/webauthn/issues/303#issue-192987442) above, [draft-hodges-webauthn-registries-01](https://tools.ietf.org/html/draft-hodges-webauthn-registries-01) says in both of the above-cited sections:
> The Expert(s) will establish procedures for requesting registrations, and make them available from the registry page.

The only aspect of the guidelines proposed by @gmandyam in the [OP](https://github.com/w3c/webauthn/issues/303#issue-192987442)  that are not already addressed in [draft-hodges-webauthn-registries-01](https://tools.ietf.org/html/draft-hodges-webauthn-registries-01) is this one:
> c) The proposer must announce the proposed attestation format or extension on public-webauthn@w3.org.

..which we can have the DEs address in the registration request procedures they will post on the registry page.  We _may_ be able to put that requirement (c) directly into  [draft-hodges-webauthn-registries](https://tools.ietf.org/html/draft-hodges-webauthn-registries), tho I am unsure how palatable that will be for IESG reviewers. 

Other than that minor item, I think this issue is addressed. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/303#issuecomment-384441122 using your GitHub account
Received on Wednesday, 25 April 2018 21:32:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC