[webauthn] Allow desired attestation format to be an ordered list (#1917)

sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Allow desired attestation format to be an ordered list ==
## Proposed Change

During credential registration in particular (and also given that attestation can now, in theory, be requested on assertions), the [attestation](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestation) property can be specified as a single-valued string.

Consider a scenario where an enterprise would prefer an enterprise attestation, but is willing to fall back to direct attestation, e.g. if there is a mix of managed and unmanaged employee devices. Currently there is no way to express this, and practical tests on current behaviour show that no attestation is returned if enterprise is not available/permitted on the client.

Need a discussion on what's viable here, as we do not want the user to have to go through multiple registration ceremonies or pre-select whether they are on a managed device or not.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1917 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 6 July 2023 03:00:16 UTC
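
The behaviour described in the issue (a single `attestation` value is requested and `none` comes back) can be detected on the relying-party side by reading `fmt` from the returned `attestationObject`. The following is an added example, not part of the original message or of the WebAuthn project; `cbor`, `checkConveyance` and the sample byte strings are hypothetical names and constructed data, and the input is assumed to be a Node.js `Buffer`.

```javascript
// Minimal definite-length CBOR reader, enough for an attestationObject (added example).
function cbor(buf, pos = 0) {
  if (pos >= buf.length) throw new Error("truncated CBOR");
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  pos += 1;
  let n = info;
  if (info >= 24 && info <= 27) {                  // argument in 1, 2, 4 or 8 bytes
    const len = 1 << (info - 24);
    if (pos + len > buf.length) throw new Error("truncated CBOR");
    n = 0;
    for (let i = 0; i < len; i++) n = n * 256 + buf[pos + i];
    pos += len;
  } else if (info > 27) throw new Error("indefinite or reserved length");
  if ((major === 2 || major === 3) && pos + n > buf.length) throw new Error("truncated CBOR");
  switch (major) {
    case 0: return [n, pos];                       // unsigned integer
    case 1: return [-1 - n, pos];                  // negative integer (e.g. COSE alg -7)
    case 2: return [buf.subarray(pos, pos + n), pos + n];
    case 3: return [buf.subarray(pos, pos + n).toString("utf8"), pos + n];
    case 4: { const a = []; for (let i = 0; i < n; i++) { let v; [v, pos] = cbor(buf, pos); a.push(v); } return [a, pos]; }
    case 5: { const m = Object.create(null);       // no prototype: keys come from the client
      for (let i = 0; i < n; i++) { let k, v; [k, pos] = cbor(buf, pos); [v, pos] = cbor(buf, pos); m[k] = v; }
      return [m, pos]; }
    default: throw new Error("unsupported major type " + major);
  }
}

// Hypothetical RP-side helper: compare the one requested preference with what came back.
// It does not distinguish enterprise from direct attestation.
function checkConveyance(requested, attestationObject) {
  const [att] = cbor(attestationObject);
  if (typeof att.fmt !== "string") throw new Error("attestationObject has no fmt");
  const stmt = att.attStmt || {};
  const hasChain = Array.isArray(stmt.x5c) && stmt.x5c.length > 0;
  const received = att.fmt === "none" ? "none" : hasChain ? "attested" : "self";
  return { fmt: att.fmt, received, missing: requested !== "none" && received === "none" };
}

// Constructed samples: 37 zero bytes stand in for authData, one-byte sig and certificate.
const AUTH = "686175746844617461" + "5825" + "00".repeat(37);
const NONE = Buffer.from("a363666d74646e6f6e656761747453746d74a0" + AUTH, "hex");
const PACKED = Buffer.from("a363666d74667061636b65646761747453746d74" +
  "a363616c67266373696741006378356381" + "4100" + AUTH, "hex");

console.log(checkConveyance("enterprise", NONE));   // missing: true
console.log(checkConveyance("enterprise", PACKED)); // received: "attested"
```

A relying party that sees `missing: true` has learned that its one requested preference was not met and can apply its own policy for devices that return no attestation.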