W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2020

[w3c/webauthn] b44009: Add “enterprise” attestation type. (#1366)

From: Adam Langley <noreply@github.com>
Date: Wed, 29 Apr 2020 12:11:30 -0700
To: public-webauthn@w3.org
Message-ID: <w3c/webauthn/push/refs/heads/master/8d0060-b44009@github.com>
  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn

  Commit: b44009c0bc24ed76f79c94c4bf6a3d5a111439ae

  Author: Adam Langley <agl@google.com>
  Date:   2020-04-29 (Wed, 29 Apr 2020)

  Changed paths:
    M index.bs

  Log Message:
  Add “enterprise” attestation type. (#1366)

* Add “enterprise” attestation type.

In controlled deployments, organisations may wish to tie specific
registrations back to individual authenticators. Obviously this has
privacy concerns and needs to be gated on local configuration, or
special configuration on the authenticator. However, as cloud services
are increasingly used, RP IDs are no longer neatly divided into
enterprise and consumer contexts, and the RP might _not_ wish to receive
the enterprise attestation when used in a consumer context.

This change adds a new level of attestation, “enterprise”, which allows
RPs to indicate when they would like to, possibly, receive an
attestation that may include uniquely identifying information. This
leaves “direct” with its current, less privacy-impacting meaning.

Fixes #1147

* Signal attestation at the correct time.

* Merging a suggested change from Jeff

Co-Authored-By: =JeffH <jdhodges@google.com>

* Merging a suggested change from Jeff

Co-Authored-By: =JeffH <jdhodges@google.com>

* modest fixups for enterprise attestation

* Convert  to DOMString

* Remove fallback to direct

* Apply jcjones' suggestion

Co-Authored-By: J.C. Jones <james.jc.jones@gmail.com>

Co-authored-by: =JeffH <jdhodges@google.com>
Co-authored-by: J.C. Jones <james.jc.jones@gmail.com>

Received on Wednesday, 29 April 2020 19:11:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC