- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 09 Aug 2023 19:45:15 +0000
- To: public-webauthn@w3.org
MasterKale has just merged MasterKale's pull request 1907 for https://github.com/w3c/webauthn:
== Define RP processing of be and bs flags during `.create()` and `.get()` ==
The spec was light on details on how to handle a couple of states of the `be` and `bs` flags coming out of calls to `.create()` and `.get()`. This PR tries to clarify RP handling of potential combinations of these flags during registration and authentication:
1. A device-bound credential indicates that it is backed up during registration (`be:0+bs:1`)
2. A device-bound credential indicates that it is backed up after authentication (`be:0+bs:1`)
3. A credential's backup eligibility changes after registration (`be:0 -> be:1` or `be:1 -> be:0`)
This should address #1791.
<!--
This comment and the below content is programmatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/1907.html" title="Last updated on Jul 12, 2023, 1:54 PM UTC (4514f5f)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1907/6dfbdba...4514f5f.html" title="Last updated on Jul 12, 2023, 1:54 PM UTC (4514f5f)">Diff</a>
See https://github.com/w3c/webauthn/pull/1907
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 9 August 2023 19:45:16 UTC