[webauthn] The default value of `attestation` member in `PublicKeyCredentialRequestOptions` should be null (#1941) from Ki-Eun Shin via GitHub on 2023-08-18 (public-webauthn@w3.org from August 2023)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Fri, 18 Aug 2023 14:14:20 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1856797942-1692368058-sysbot+gh@w3.org>

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== The default value of `attestation` member in `PublicKeyCredentialRequestOptions` should be null ==
## Proposed Change

[In section 5.5](https://w3c.github.io/webauthn/#dictionary-assertion-options), `PublicKeyCredentialRequestOptions` dictionary is defined.
Although asking attestation in the assertions is optional, the default value of `attestation` member is `none` attestation conveyance preference.
It means that if the relying party does not set any attestation conveyance preference (do not ask attestation in assertion), the browser (webauthn client) will  set the value of `attestation` member as default value `none`, which will eventually might return `attestationObject` with none attestation statement format.

I'm thinking that attestation in assertion is optional and if there is no explicit request, the attestation conveyance preference must be interpreted as I don't need any attestation for assertion which is not identical to the the `none` attestation.

So, the value of `attestation` member should not be defaulting to `none`, and the absence should be treated as I don't need any attestation for assertion and give me conventional assertion for credential get operation.



Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1941 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 18 August 2023 14:14:22 UTC