[webauthn] user-agent signal for enterprise attestation should be understandable for general users (#1521)

jumde has just created a new issue for https://github.com/w3c/webauthn:

== user-agent signal for enterprise attestation should be understandable for general users ==
From the spec: 

> enterprise
> This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information. This is intended for controlled deployments within an enterprise where the organization wishes to tie registrations to specific authenticators. User agents MUST NOT provide such an attestation unless the user agent or authenticator configuration permits it for the requested RP ID.
> If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that enterprise attestation is requested, and convey the resulting AAGUID and attestation statement, unaltered, to the Relying Party.

Most users in an enterprise setting will not understand what `enterprise attestation` means. It would be helpful for users if the user-agent/authenticator signals that `user identifying information` is being requested. 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1521 using your GitHub account



Received on Tuesday, 17 November 2020 06:29:33 UTC