[webauthn] Make AuthenticatorAttestationResponseJSON.clientDataJSON a DOMString or USVString (#2060) from philomathic_life via GitHub on 2024-04-23 (public-webauthn@w3.org from April 2024)

From: philomathic_life via GitHub <sysbot+gh@w3.org>
Date: Tue, 23 Apr 2024 19:42:44 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2259639444-1713901362-sysbot+gh@w3.org>

zacknewman has just created a new issue for https://github.com/w3c/webauthn:

== Make AuthenticatorAttestationResponseJSON.clientDataJSON a DOMString or USVString ==
[JSON-compatible serialization](https://www.w3.org/TR/webauthn-3/#clientdatajson-serialization) must be used for [clientDataJSON](https://www.w3.org/TR/webauthn-3/#dom-authenticatorresponse-clientdatajson). This makes the `ArrayBuffer` a `USVString` for platforms whose native string encoding is UTF-8. For such platforms, it would be easier and faster to just send the data as is; and for non-UTF-8 platforms, encoding the `ArrayBuffer` such that it is a `USVString`/`DOMString` is better than having to encode it as a [`Base64URLString`](https://www.w3.org/TR/webauthn-3/#typedefdef-base64urlstring) which itself is a subset of `DOMString` anyway. Is the reason [`AuthenticatorAttestationResponseJSON.clientDataJSON`](https://www.w3.org/TR/webauthn-3/#dictdef-authenticatorattestationresponsejson) defined that way for consistency alone? Specifically that _all_ `ArrayBuffer`s are converted to that?

On the server side, the data needs to be decoded twice: first to transform the `Base64URLString` into UTF-8 data and second to transform the UTF-8 data into a JSON map; however if the data were simply a `USVString`/`DOMString`, the server would only need to decode the data once as a JSON map.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2060 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 23 April 2024 19:42:44 UTC