- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 15 Nov 2023 22:20:20 +0000
- To: public-webauthn@w3.org
agl has just merged agl's pull request 1957 for https://github.com/w3c/webauthn:
== devicePubKey → supplementalPubKeys ==
This change removes the `devicePubKey` extension but adds the very similar `supplementalPubKeys` extension. The major difference between the two is that the latter allows for one _or_ two supplemental keys, and while supplemental keys can be device bound, they can also have "provider" scope, which is defined by their attestation statement.
Added by @timcappalli:
Here is a visual that (hopefully) helps to depict how this all comes together. This diagram assumes that the RP has requested both a provider SPK and device SPK, and that the passkey provider supports.
<!--
This comment and the below content is programmatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/1957.html" title="Last updated on Nov 15, 2023, 10:02 PM UTC (e168d78)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1957/a8bf3f5...e168d78.html" title="Last updated on Nov 15, 2023, 10:02 PM UTC (e168d78)">Diff</a>
See https://github.com/w3c/webauthn/pull/1957
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 15 November 2023 22:20:21 UTC