W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: [webauthn] add notion of "enterprise" attestation (#1147)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 01 Mar 2019 21:25:13 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-468816910-1551475512-sysbot+gh@w3.org>
on 27-Feb-2019, @christiaanbrand replied in email rather than here:

MS made a case for not doing that. The idea was:

1. Token contains some blob which says "for which" RPs individual
attestation might be required
2. Upon registration, token sends blob to browser. Browser interprets it.
Might show additional UI telling user what they're about to do.
3. If browser is happy, it'll set the "ep" bit in CTAP.

Maybe we want that in conjunction with the "EP" flag in WebAuthn too.
Dunno. We have a use case where for the same RPID, sometime we want ep, and
sometimes we don't.


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1147#issuecomment-468816910 using your GitHub account
Received on Friday, 1 March 2019 21:25:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC