Re: [webauthn] Note to encourage storage of registered credential details (#1556)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 Feb 2021 01:58:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-772966248-1612403918-sysbot+gh@w3.org>

This is something I'm tackling right now in my library. A user raised an issue requesting additional information out of attestation verification so that they could more closely design their RP around [Yubico's developer guide](https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/Registering_Multiple_Devices.html), which encourages the "credentials" table to store the following information:

![image](https://user-images.githubusercontent.com/5166470/106833621-b0833780-6648-11eb-961e-a7b629471f52.png)

So there's at least something out in the wild taking an opinionated stance on what information out of an attestation is/might be useful for future-proofing an RP as utilization of WebAuthn grows and the spec evolves.

> sounds to me like something for the webauthn adoption community group to discuss?

This guide seems like a reasonable starting point for the WACG to have this conversation considering everything except the last three are things that can be extracted from an attestation and stored fairly easily (`metadata` is how they track things like authenticator attachment, "form factor", OS, etc...). Unless someone beats me to it I can bring it up at our next meeting on 2/8.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1556#issuecomment-772966248 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 4 February 2021 01:58:40 UTC