Re: [webauthn] Propose extension: Delegation of Authentication (#1125) from Benjamin VanderSloot via GitHub on 2019-01-25 (public-webauthn@w3.org from January 2019)

From: Benjamin VanderSloot via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Jan 2019 16:43:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-457635482-1548434582-sysbot+gh@w3.org>

The challenge is created by the RP, so in that case the RP has the new secret key. The scheme I describe lets the Client generate the HMAC (and own the new secret key).

The idea here is that there is a second secret value possessed by the Client which need not be associated with a specific Authenticator, all while only completing a single ceremony.

-- 
GitHub Notification of comment by bvandersloot
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1125#issuecomment-457635482 using your GitHub account

Received on Friday, 25 January 2019 16:43:04 UTC