Re: [webauthn] attestation type identifiers and their use is only implicitly defined

The verification procedures are run wholly within the RP, and the RP can determine the attestation type from the contents of the attestation, so any representation of the attestation type would be used only internally by the RP. Thus there's no need for strictly defined identifiers (because the RP would be both the creator and the consumer of the "returned attestation type") or matching rules for the attestation types.

It seems like a good idea to define and link the terms within the document, but I think that could be regarded an editorial issue.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/746#issuecomment-357632886 using your GitHub account

Received on Monday, 15 January 2018 09:51:07 UTC