W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2019

Re: [webauthn] Propose extension: Delegation of Authentication (#1125)

From: Benjamin VanderSloot via GitHub <sysbot+gh@w3.org>
Date: Fri, 25 Jan 2019 16:43:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-457635482-1548434582-sysbot+gh@w3.org>
The challenge is created by the RP, so in that case the RP has the new secret key. The scheme I describe lets the Client generate the HMAC (and own the new secret key).

The idea here is that there is a second secret value possessed by the Client which need not be associated with a specific Authenticator, all while only completing a single ceremony.

-- 
GitHub Notification of comment by bvandersloot
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1125#issuecomment-457635482 using your GitHub account
Received on Friday, 25 January 2019 16:43:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:01 UTC