- From: David Waite via GitHub <sysbot+gh@w3.org>
- Date: Wed, 26 Jun 2024 19:13:03 +0000
- To: public-webauthn@w3.org
@emlun I took a pass at some new proposed text, based on your above feedback and the corresponding conversation on the call about the variance of enterprise attestations:

> 8.2.2. Certificate Requirements for Enterprise Packed Attestation Statements
>
> Enterprise attestations are often used to restrict access to enterprise resources to a small set of specific, vetted authenticators. Examples might include issuing hardware-based roaming authenticators to employees with a specific configuration, or deploying software authenticators via a system for managing corporate-owned devices.
>
> This close relationship between relying party and authenticator may lead to a higher degree of variance in the attributes available in the enterprise attestation. Similar to non-enterprise attestations, there may be certification bodies that set additional requirements on enterprise attestations in order to achieve certification.
>
> The Extension OID 1.3.6.1.4.1.45724.1.1.2 (id-fido-gen-ce-sernum) MAY be present, and if so MUST indicate a unique value per device against a particular AAGUID. This value MUST remain constant through factory resets, but MAY be distinct from any other serial number or other hardware identifier associated with the device. This extension MUST NOT be marked as critical, and the corresponding value is encoded as an OCTET STRING. This extension MUST NOT be present in non-enterprise attestations.

--
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1954#issuecomment-2192454414 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 26 June 2024 19:13:03 UTC
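
The following is an added example, not part of the message above or of the WebAuthn specification: a relying-party check of the id-fido-gen-ce-sernum rules in the proposed text, run over the DER of a certificate's Extensions field. The function names, the sample serial and the sample encodings are constructed, and the code assumes the extnValue wraps a DER OCTET STRING holding the serial.

```python
# DER content bytes of OID 1.3.6.1.4.1.45724.1.1.2 (id-fido-gen-ce-sernum)
SERNUM_OID = bytes.fromhex("2b0601040182e51c010102")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_sernum(extensions_der, enterprise):
    """Return the serial bytes, or None if absent; raise ValueError on a violation."""
    tag, exts, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    pos = 0
    while pos < len(exts):
        _, ext, pos = read_tlv(exts, pos)
        tag, oid, p = read_tlv(ext, 0)
        if tag != 0x06 or oid != SERNUM_OID:
            continue  # some other extension
        if not enterprise:  # MUST NOT be present in non-enterprise attestations
            raise ValueError("sernum extension in non-enterprise attestation")
        tag, val, p = read_tlv(ext, p)
        if tag == 0x01:  # optional 'critical' BOOLEAN
            if val != b"\x00":  # MUST NOT be marked as critical
                raise ValueError("sernum extension marked critical")
            tag, val, p = read_tlv(ext, p)
        if tag != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        tag, serial, _ = read_tlv(val, 0)  # assumption: inner DER OCTET STRING
        if tag != 0x04:
            raise ValueError("sernum value must be an OCTET STRING")
        return serial
    return None  # MAY be present: absence is acceptable

def der(tag, body):  # builds the constructed samples; short-form lengths only
    return bytes([tag, len(body)]) + body

# Constructed samples: one valid Extensions field, one with critical=TRUE
SERIAL = b"SN-0001"
WRAPPED = der(0x04, der(0x04, SERIAL))
GOOD = der(0x30, der(0x30, der(0x06, SERNUM_OID) + WRAPPED))
CRITICAL = der(0x30, der(0x30, der(0x06, SERNUM_OID) + der(0x01, b"\xff") + WRAPPED))
```

Uniqueness per AAGUID and constancy across factory resets cannot be checked from a single certificate; those require the relying party's own enrollment records.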