Re: [webauthn] Clearly define the way how RP handles the extensions (#1258) from Ki-Eun Shin via GitHub on 2019-10-15 (public-webauthn@w3.org from October 2019)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Tue, 15 Oct 2019 09:32:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-542125879-1571131968-sysbot+gh@w3.org>

@emlun I'm thinking that appId, authnSel, biometricPrefBouns and credProps are the type of client extension. They don't need any other communication with authenticators. So, at least for the authenticator extension, the authenticator extension inputs should exist and be delivered to the authenticator. Also, the authenticator extension output can be conveyed within the AuthData.
My understanding is that RP needs to check the list of client extension output for client only extension and for authenticator extension, RP needs to investigate the extensions within the AuthData.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1258#issuecomment-542125879 using your GitHub account

Received on Tuesday, 15 October 2019 09:32:50 UTC