- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 22 Jan 2020 23:00:47 +0000
- To: public-webauthn@w3.org
agl has just submitted a new pull request for https://github.com/w3c/webauthn: == Add “enterprise” attestation type. == In controlled deployments, organisations may wish to tie specific registrations back to individual authenticators. Obviously this has privacy concerns and needs to be gated on local configuration, or special configuration on the authenticator. However, as cloud services are increasingly used, RP IDs are no longer neatly divided into enterprise and consumer contexts, and the RP might _not_ wish to receive the enterprise attestation when used in a consumer context. This change adds a new level of attestation, “enterprise”, which allows RPs to indicate when they would like to, possibly, receive an attestation that may include uniquely identifying information. This leaves “direct” with its current, less privacy-impacting meaning. Fixes #1147 See https://github.com/w3c/webauthn/pull/1366
Received on Wednesday, 22 January 2020 23:00:50 UTC