- From: David Waite via GitHub <sysbot+gh@w3.org>
- Date: Thu, 02 Dec 2021 00:18:40 +0000
- To: public-webauthn@w3.org
The two leading formats would be: 1. JSON with base64url-encoded properties for ArrayBuffers 2. base64url-encoded CBOR I would make two points in favor of CBOR: 1. This is meant for the server, and the server already needs to work with WebAuthn binary formats as well as CBOR to handle the assertions, to handle attestations and to handle extensions (such as the mandated credProtect by some clients) 2. Having it be CBOR frees us from some issues with compatibility, while by comparison we can't determine if a RP server intended for a JSON property to be interpreted as a string or an ArrayBuffer without additional rules. For the second point, additional `ArrayBuffer` values represented as base64 encoded properties might not be understood as string vs binary properly if a request is sent to a client which does not support it. This would likely not be an issue where the fromJSON for options is being interpreted by the platform, as @agl mentioned on call. I cannot speak to how this knowledge might complicate environments where the browser and platform have an API between them. -- GitHub Notification of comment by dwaite Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1683#issuecomment-984176324 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 2 December 2021 00:18:42 UTC