Re: mixed U2F and WebAuthn from Marius Scurtescu on 2019-07-19 (public-webauthn@w3.org from July 2019)

From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Thu, 18 Jul 2019 17:37:20 -0700
To: Adam Langley <agl@google.com>
Cc: W3C Web Authn WG <public-webauthn@w3.org>
Message-ID: <CABpvcNtGgM9mhgd9MxDMH1b4UdWVsYBniyG-nv_ppXg6h-uB=w@mail.gmail.com>

Sounds great, thanks for confirming.

On Thu, Jul 18, 2019 at 3:56 PM Adam Langley <agl@google.com> wrote:

> On Thu, Jul 18, 2019 at 2:55 PM Marius Scurtescu <
> marius.scurtescu@coinbase.com> wrote:
>
>> When the AppID extension is used in order to support legacy U2F
>> registered authenticators, can the allowCredentials array (part ofl
>> navigator.credentials.get) contain a mix of U2F and WebAuthn registered
>> keys?
>>
>
> Yes.
>
> Reading the "Client extension processing" of "10.1. FIDO AppID Extension
>> (appid)" that seems to be the case with the retry in step 5, but the note
>> at the end states that "several implementations do not implement steps four
>> and onward". Making sure the note refers only to FacetID and that the rest
>> of step 5 is actually implemented?
>>
>
>  It refers to the algorithm here
> <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-appid-and-facets-v2.0-id-20180227.html#determining-if-a-caller-s-facetid-is-authorized-for-an-appid>,
> i.e. the more complex FacetID processing.
>
>
> Cheers
>
> AGL
>

Received on Friday, 19 July 2019 00:37:55 UTC