[webauthn] Public Key Credential Source and Extensions (#1719) from Tim Cappalli via GitHub on 2022-04-07 (public-webauthn@w3.org from April 2022)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Apr 2022 18:13:46 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1196408710-1649355224-sysbot+gh@w3.org>

timcappalli has just created a new issue for https://github.com/w3c/webauthn:

== Public Key Credential Source and Extensions ==
The [`Public Key Credential Source`](https://www.w3.org/TR/webauthn-2/#public-key-credential-source) is currently defined as containing:
- `type`
- `id`
- `privateKey`
- `rpId`
- `userhandle`
- `otherUI`

The definition does not currently say anything about extension data, but we know that many authenticators include extension data such as large blob, large blob key, credProtect, etc.

L3 introduces the Device Public Key (DPK) which must be device bound and not backed up. 

Do we need to be more explicit about this in the spec?

/cc @ve7jtb @akshayku 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1719 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 7 April 2022 18:13:48 UTC