W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: [webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered (#991)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Mar 2019 12:21:12 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-472829869-1552566071-sysbot+gh@w3.org>
>Other credential properties MAY be returned in this extension.

I'm positive to this idea, but I think we'd better try to make sure that nonstandard property additions don't collide with any standard properties added in the future. I see a few obvious ways to do this:

 1. Require that any new property names are added to the [WebAuthn registry][reg].
 2. Require that any nonstandard property names begin with `x-`, or similar, as is done in many other standards like HTTP headers.
 3. Add a second optional property containing an unspecified dictionary, something like:

    ```
    partial dictionary CredentialPropertiesOutput {
        boolean rk;
        dictionary ext;
    };
    ```

    where anything may be added in the `ext` dictionary. I'm not completely sure WebIDL allows this, though.

Alternatively we can just forbid nonstandard properties instead. What do others think?

[reg]: https://tools.ietf.org/html/draft-hodges-webauthn-registries-02

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-472829869 using your GitHub account
Received on Thursday, 14 March 2019 12:21:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:03 UTC