Re: [webauthn] <new proposal> Extending WebAuthn Protocol for Remote Authentication (#1580)

if this is going to be a generic binary data signing mechanism then the process would be very similar to get assertion yes. We would need the RP to send a create signed assertion options or similar with a challenge to prevent replays, and the collected client data would be extended to contain a sha256 of the data we want to assert. Otherwise the process is similar to assertion. 

It may be better to frame the proposal as signing arbitrary data than using the camera example. It makes it clearer that the proposal can have many more applications. 

It's also worth discussing how this creates a chain of trust to the data, but also needs to have discussed the weaknesses of this system. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1580#issuecomment-793288278 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 9 March 2021 02:37:49 UTC