[webauthn] Public Key Credential Source and Extensions (#1719)

timcappalli has just created a new issue for https://github.com/w3c/webauthn:

== Public Key Credential Source and Extensions ==
The [`Public Key Credential Source`](https://www.w3.org/TR/webauthn-2/#public-key-credential-source) is currently defined as containing:
- `type`
- `id`
- `privateKey`
- `rpId`
- `userhandle`
- `otherUI`

The definition does not currently say anything about extension data, but we know that many authenticators include extension data such as large blob, large blob key, credProtect, etc.

L3 introduces the Device Public Key (DPK) which must be device bound and not backed up. 

Do we need to be more explicit about this in the spec?

/cc @ve7jtb @akshayku 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1719 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 7 April 2022 18:13:48 UTC