- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 29 Apr 2020 19:11:18 +0000
- To: public-webauthn@w3.org
equalsJeffH has just merged agl's pull request 1366 for https://github.com/w3c/webauthn:
== Add “enterprise” attestation type. ==
In controlled deployments, organisations may wish to tie specific
registrations back to individual authenticators. Obviously this has
privacy concerns and needs to be gated on local configuration, or
special configuration on the authenticator. However, as cloud services
are increasingly used, RP IDs are no longer neatly divided into
enterprise and consumer contexts, and the RP might _not_ wish to receive
the enterprise attestation when used in a consumer context.
This change adds a new level of attestation, “enterprise”, which allows
RPs to indicate when they would like to, possibly, receive an
attestation that may include uniquely identifying information. This
leaves “direct” with its current, less privacy-impacting meaning.
Fixes #1147
Improves #1376
<!--
This comment and the below content is programatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/1366.html" title="Last updated on Apr 27, 2020, 8:47 PM UTC (a3c9262)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1366/6349d24...agl:a3c9262.html" title="Last updated on Apr 27, 2020, 8:47 PM UTC (a3c9262)">Diff</a>
See https://github.com/w3c/webauthn/pull/1366
Received on Wednesday, 29 April 2020 19:11:20 UTC