- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Thu, 04 Feb 2021 01:58:38 +0000
- To: public-webauthn@w3.org
This is something I'm tackling right now in my library. A user raised an issue requesting additional information out of attestation verification so that they could more closely design their RP around [Yubico's developer guide](https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/Registering_Multiple_Devices.html), which encourages the "credentials" table to store the following information: ![image](https://user-images.githubusercontent.com/5166470/106833621-b0833780-6648-11eb-961e-a7b629471f52.png) So there's at least something out in the wild taking an opinionated stance on what information out of an attestation is/might be useful for future-proofing an RP as utilization of WebAuthn grows and the spec evolves. > sounds to me like something for the webauthn adoption community group to discuss? This guide seems like a reasonable starting point for the WACG to have this conversation considering everything except the last three are things that can be extracted from an attestation and stored fairly easily (`metadata` is how they track things like authenticator attachment, "form factor", OS, etc...). Unless someone beats me to it I can bring it up at our next meeting on 2/8. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1556#issuecomment-772966248 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 4 February 2021 01:58:40 UTC