- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 23 Aug 2023 22:49:24 +0000
- To: public-webauthn@w3.org
While prototyping this feature, I found that there are some of procedures defined in the spec. If the attestationFormats of the inputs from the webauthn client, which is based on the relying party input ([attestation](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestation), [attestationFormats](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestationformats)), the authenticator would fallback to the `none` which is not the none attestation format, but assertion without attestation. So, the authenticator and the webauthn client might not return attestationObject in the assertion response. But, as a RP, when implementing the webauthn server API, we refer the IDL. In addition, `attestation` defaulting to `none` in assertion would make some confusions, because the attestation in creation would return `none` attestation statement in the response in such cases, while the attestation in authentication does not return any attestation statement for the same case. -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1941#issuecomment-1690744421 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 23 August 2023 22:49:26 UTC