- From: Roman Bukin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Oct 2023 10:11:31 +0000
- To: public-webauthn@w3.org
@Kieun I apologize if my description of the problem was not precise enough. As you correctly pointed out, `KeyDescription` can simultaneously have both `teeEnforced` and `softwareEnforced`. The question lies in how the `origin` and `purpose`, which are nested within `teeEnforced` and `softwareEnforced`, should be validated. Currently, the specification states `otherwise use the union of teeEnforced and softwareEnforced`, and then lists the validation rules for origin and purpose:
```
- The value in the AuthorizationList.origin field is equal to KM_ORIGIN_GENERATED.
- The value in the AuthorizationList.purpose field is equal to KM_PURPOSE_SIGN.
```
As an implementer, it's unclear to me how validation should look.
```
bool isValid =
    IsOneOfOriginsValid(new[] { keyDescription.teeEnforced.origin, keyDescription.softwareEnforced.origin })
    && IsOneOfPurposesValid(new[] { keyDescription.teeEnforced.purpose, keyDescription.softwareEnforced.purpose });
```
or
```
bool isValid =
    IsPurposeAndOriginValid(keyDescription.teeEnforced)
    || IsPurposeAndOriginValid(keyDescription.softwareEnforced);
```
--
GitHub Notification of comment by vanbukin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1980#issuecomment-1746560467 using your GitHub account
Received on Wednesday, 4 October 2023 10:11:33 UTC
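
The two readings in the message above, run side by side over constructed `KeyDescription` values to show where they disagree. This is an added example, not part of the original post or of the WebAuthn specification; the class and function names are hypothetical, `purpose` is modelled as a set that must equal exactly `{KM_PURPOSE_SIGN}` (an assumption), and an absent field is modelled as `None` or an empty set.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

# Enum values as defined by Android Keymaster.
KM_ORIGIN_GENERATED = 0
KM_PURPOSE_SIGN = 2

@dataclass
class AuthorizationList:                 # hypothetical model of the ASN.1 structure
    origin: Optional[int] = None         # absent field -> None
    purpose: Set[int] = field(default_factory=set)  # absent field -> empty set

@dataclass
class KeyDescription:
    tee_enforced: AuthorizationList
    software_enforced: AuthorizationList

def _list_ok(al):
    # Assumption: "equal to KM_PURPOSE_SIGN" means the set is exactly {SIGN}.
    return al.origin == KM_ORIGIN_GENERATED and al.purpose == {KM_PURPOSE_SIGN}

def valid_fieldwise(kd):
    """First reading: each field may be satisfied by either list."""
    lists = (kd.tee_enforced, kd.software_enforced)
    return (any(al.origin == KM_ORIGIN_GENERATED for al in lists)
            and any(al.purpose == {KM_PURPOSE_SIGN} for al in lists))

def valid_per_list(kd):
    """Second reading: a single list must satisfy both fields by itself."""
    return _list_ok(kd.tee_enforced) or _list_ok(kd.software_enforced)

def constructed_cases():
    # Constructed inputs, not taken from real attestation statements.
    gen_sign = AuthorizationList(KM_ORIGIN_GENERATED, {KM_PURPOSE_SIGN})
    empty = AuthorizationList()
    return {
        "both in teeEnforced": KeyDescription(gen_sign, empty),
        "both in softwareEnforced": KeyDescription(empty, gen_sign),
        "split across lists": KeyDescription(
            AuthorizationList(origin=KM_ORIGIN_GENERATED),
            AuthorizationList(purpose={KM_PURPOSE_SIGN})),
        "neither": KeyDescription(empty, empty),
    }

def compare():
    """Map case name -> (field-wise result, per-list result)."""
    return {name: (valid_fieldwise(kd), valid_per_list(kd))
            for name, kd in constructed_cases().items()}

if __name__ == "__main__":
    for name, (fw, pl) in compare().items():
        print(f"{name:26} field-wise={fw!s:5} per-list={pl}")
```

Only the "split across lists" case separates the two readings: the field-wise check accepts it and the per-list check rejects it.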