W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2019

Re: mixed U2F and WebAuthn

From: Adam Langley <agl@google.com>
Date: Thu, 18 Jul 2019 15:55:49 -0700
Message-ID: <CAL9PXLx=_uty2GTaSxJd0NQmgqNiG8SbMYPY6w7zVFB0RnTuvw@mail.gmail.com>
To: Marius Scurtescu <marius.scurtescu@coinbase.com>
Cc: W3C Web Authn WG <public-webauthn@w3.org>
On Thu, Jul 18, 2019 at 2:55 PM Marius Scurtescu <
marius.scurtescu@coinbase.com> wrote:

> When the AppID extension is used in order to support legacy U2F registered
> authenticators, can the allowCredentials array (part ofl
> navigator.credentials.get) contain a mix of U2F and WebAuthn registered
> keys?
>

Yes.

Reading the "Client extension processing" of "10.1. FIDO AppID Extension
> (appid)" that seems to be the case with the retry in step 5, but the note
> at the end states that "several implementations do not implement steps four
> and onward". Making sure the note refers only to FacetID and that the rest
> of step 5 is actually implemented?
>

 It refers to the algorithm here
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-if-a-caller-s-facetid-is-authorized-for-an-appid>,
i.e. the more complex FacetID processing.


Cheers

AGL
Received on Thursday, 18 July 2019 22:56:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:06 UTC