[webauthn] Pull Request: Make the default value for the attestation member in assertion options be null

Kieun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Make the default value for the attestation member in assertion options be null ==
The default value of attestation options in **assertion** was `none` and the intention was that the relying party does not want any attestation at assertion time. In this case, the user agent and authenticator do not return any `attestationObject`, which is backward compatible.
But `none` attestation options in **attestation** **do** always return an attestation statement, including the `none` attestation statement or any other attestation statement with `self` attestation.

Now, with this PR, the default of attestation options in **assertion** is `null`.
So, if the RP does not set the attestation option member value, the user agent now handles that value as `null`. In this case, the user agent does not request any attestation from the authenticator and it does not return `attestationObject` as an assertion response.
In other cases, if the RP explicitly sets attestation options including `none`, the user agent now sends such a request in the same way as attestation processing, and if any authenticator supports such requests, the authenticator may return attestation in assertions. Then, the user agent handles such a response from the authenticator with additional steps such as replacing some potentially identifiable information.

Fixes #1941 



See https://github.com/w3c/webauthn/pull/1972


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 22 September 2023 09:39:20 UTC