- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Oct 2023 10:36:13 +0000
- To: public-webauthn@w3.org
First of all, the KeyDescription may have `teeEnforced` and `softwareEnforced` at the same time. But the thing is that, if the both are presented in the KeyDescription, the same filed must not be present. For example, `teeEnforced.origin` field and `softwareEnforced.origin` field should not be presented together. This is the same for `purpose` field as well. If the same fields are present both in `teeEnforced` and `softwareEnforced`, that would be the invalid structure. > So, the union means that, you just get authorization list from `teeEnforced` and `softwareEnforced` and let it as single authorization list saying `temp`. > Then, you need to verify (not validate) `temp.origin` and `temp.purpose`. I'm not a native english speaker, but my interpretation was something like this. It's better to get response from any Googler, @agl . -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1980#issuecomment-1746603899 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 October 2023 10:36:15 UTC