[webauthn] Assertion signatures with JWS? (#1581) from Anders Rundgren via GitHub on 2021-03-10 (public-webauthn@w3.org from March 2021)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Mar 2021 07:54:49 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-827300908-1615362887-sysbot+gh@w3.org>

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Assertion signatures with JWS? ==
Pardon my somewhat limited experience with WebAuthn and CTAP2...
Anyway, for payment assertions like https://github.com/rsolomakhin/secure-payment-confirmation/issues/40 you would probably like to use JWS.  However, FIDO2 signatures do not seem to conform to JOSE standards if I interpret this figure correctly:
https://w3c.github.io/webauthn/images/fido-signature-formats-figure2.svg

The existing JOSE stack apparently needs one or more extensions to cope with this.

Any suggestions or preferences?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1581 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 10 March 2021 07:54:50 UTC