Re: [webauthn] clientDataJSON sent to authenticator? (#1442)

The relying party sends a challenge, which the client augments with additional collected information (the requesting origin being the big one). This collected client data is never directly shared with the authenticator; instead, it is treated as a binary stream and a hash of it is sent. This hash is included in the response.

The relying party needs the collected data in a binary/buffer representation, as JSON tooling may interpret the document and corrupt the ability to calculate the same hash as in the response. The relying party would also parse the buffer as JSON to make sure the data matches what was expected.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1442#issuecomment-645758370 using your GitHub account

Received on Thursday, 18 June 2020 04:05:07 UTC
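
The relying-party handling described in the comment above, as an added example that is not part of the original comment or of any WebAuthn library: hash the clientDataJSON bytes exactly as received, and parse them only to check the fields. SHA-256 is the hash the WebAuthn specification uses for client data; the sample bytes, the challenge and the origin `https://rp.example` are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample: the exact bytes a client might return as clientDataJSON.
RAW_CLIENT_DATA = (
    b'{"type":"webauthn.get","challenge":"c2FtcGxlLWNoYWxsZW5nZQ",'
    b'"origin":"https://rp.example","crossOrigin":false}'
)
EXPECTED_CHALLENGE = b"sample-challenge"  # what the RP issued (constructed)
EXPECTED_ORIGIN = "https://rp.example"    # hypothetical RP origin


def client_data_hash(raw: bytes) -> bytes:
    """SHA-256 over the bytes exactly as received; the signature covers this."""
    return hashlib.sha256(raw).digest()


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, as used for the challenge field."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def check_client_data(raw: bytes, expected_type: str) -> bytes:
    """Validate the parsed fields, then return the hash of the untouched bytes."""
    data = json.loads(raw.decode("utf-8"))
    if data.get("type") != expected_type:
        raise ValueError("unexpected type")
    challenge = b64url_decode(data.get("challenge", ""))
    if not hmac.compare_digest(challenge, EXPECTED_CHALLENGE):
        raise ValueError("challenge mismatch")
    if data.get("origin") != EXPECTED_ORIGIN:
        raise ValueError("origin mismatch")
    return client_data_hash(raw)


def reserialized_hash(raw: bytes) -> bytes:
    """The failure mode: hashing JSON that tooling parsed and wrote back out."""
    return client_data_hash(json.dumps(json.loads(raw)).encode("utf-8"))
```

The re-serialized document parses to the same values but differs in whitespace, so its hash no longer matches the one in the authenticator's response.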