- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 20 Nov 2024 20:45:47 +0000
- To: public-webauthn@w3.org
emlun has just created a new issue for https://github.com/w3c/webauthn:

== Compound attestation statement format is incompatible with attStmtTemplate ==

[6.5.4. Generating an Attestation Object](https://w3c.github.io/webauthn/#sctn-generating-an-attestation-object) defines a CDDL template for attestation statement formats:

```
attObj = {
  authData: bytes,
  $$attStmtType
}

attStmtTemplate = (
  fmt: text,
  attStmt: { * tstr => any } ; Map is filled in by each concrete attStmtType
)

; Every attestation statement format must have the above fields
attStmtTemplate .within $$attStmtType
```

Note that the `attStmt` member is defined as a CBOR map.

[§8.9. Compound Attestation Statement Format](https://w3c.github.io/webauthn/#sctn-compound-attestation) defines a choice for the `$$attStmtType` group socket:

```
$$attStmtType //= (
  fmt: "compound",
  attStmt: [2* nonCompoundAttStmt]
)

nonCompoundAttStmt = { $$attStmtType } .within { fmt: text .ne "compound" }
```

Note that the `attStmt` member here is a CBOR array.

I also don't think the expression `attStmtTemplate .within $$attStmtType` successfully encodes the intent `Every attestation statement format must have the above fields`, for two reasons: it does not define a CDDL _rule_ since it contains no `=` sign, and even if it did, the `.within` control operator would apply only to the new type defined by that rule, but not to the `attObj` type.

On the 2024-11-20 WG call it was said that there are implementations of compound attestation shipping, so the preferred resolution to this is to relax the template to allow array-based attestation statements.

## Proposed Change

1. Inline the `.within` control operator into the `attObj` definition:

```
attObj = {
  authData: bytes,
  $$attStmtType
} .within attStmtTemplate ; Every attestation statement format must have the fields below
```

2. Add a choice to `attStmtTemplate` to allow an array for `attStmt`:

```
attStmtTemplate = {
  authData: bytes,
  fmt: text,
  attStmt: (
    { * tstr => any } ; Map is filled in by each concrete attStmtType
    // [ * any ]      ; attStmt may also be an array
  ),
}
```

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2210 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 20 November 2024 20:45:47 UTC
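As an added illustration of the structural point in the issue above (example code added here; it is not from the WebAuthn specification, the w3c/webauthn project, or the issue author): a relying-party-side check, in Python, that decodes an attestation object and enforces the two shapes the CDDL contrasts, a map-valued `attStmt` for every non-compound format and, for `fmt: "compound"`, an array of at least two non-compound statements as §8.9 requires. The CBOR codec is a minimal hand-written subset written for this example, `AUTH_DATA` is a constructed placeholder rather than real authenticator data, and the sample objects are constructed. The check is deliberately stricter than the proposed `[ * any ]` template: it applies the per-format constraint rather than accepting an array for any format.

```python
# Added example, not spec or project code. Minimal CBOR subset (major types
# 0-5, definite lengths < 65536) plus a structural check of attObj per the
# CDDL discussed in the issue. Sample values are constructed.

def _head(major, n):
    """CBOR initial byte(s) for a major type and unsigned argument n."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    if n < 65536:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    raise ValueError("argument too large for this minimal encoder")

def cbor_encode(v):
    """Encode int, bytes, str, list and dict; enough to build the samples."""
    if isinstance(v, bool):
        raise TypeError("bool not supported by this minimal encoder")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError("unsupported type %r" % type(v))

def cbor_decode(data):
    """Decode the same subset; rejects indefinite lengths, truncation and trailing bytes."""
    def item(pos):
        major, info = data[pos] >> 5, data[pos] & 0x1F
        pos += 1
        if info < 24:
            n = info
        elif info == 24:
            n, pos = data[pos], pos + 1
        elif info == 25:
            n, pos = int.from_bytes(data[pos:pos + 2], "big"), pos + 2
        else:
            raise ValueError("unsupported additional info %d" % info)
        if major in (2, 3) and pos + n > len(data):
            raise ValueError("truncated string")
        if major == 0:
            return n, pos
        if major == 1:
            return -1 - n, pos
        if major == 2:
            return bytes(data[pos:pos + n]), pos + n
        if major == 3:
            return data[pos:pos + n].decode("utf-8"), pos + n
        if major == 4:
            out = []
            for _ in range(n):
                x, pos = item(pos)
                out.append(x)
            return out, pos
        if major == 5:
            out = {}
            for _ in range(n):
                k, pos = item(pos)
                x, pos = item(pos)
                out[k] = x
            return out, pos
        raise ValueError("unsupported major type %d" % major)
    value, end = item(0)
    if end != len(data):
        raise ValueError("trailing bytes after CBOR item")
    return value

def _check_stmt(fmt, att, nested):
    """Per-format shape of (fmt, attStmt); None if valid, else the first violation."""
    if not isinstance(fmt, str):
        return "fmt is not text"
    if fmt == "compound":
        if nested:
            return "compound attestation must not nest another compound"
        if not isinstance(att, list):
            return "compound attStmt must be an array"
        if len(att) < 2:
            return "compound attStmt needs at least two statements"
        for i, inner in enumerate(att):
            # nonCompoundAttStmt: a { fmt, attStmt } map, no authData inside
            if not isinstance(inner, dict) or set(inner) != {"fmt", "attStmt"}:
                return "compound entry %d is not a {fmt, attStmt} map" % i
            err = _check_stmt(inner["fmt"], inner["attStmt"], nested=True)
            if err:
                return "compound entry %d: %s" % (i, err)
        return None
    if not isinstance(att, dict) or not all(isinstance(k, str) for k in att):
        return "attStmt for format %r must be a map with text keys" % fmt
    return None

def check_att_obj(data):
    """Decode a CBOR attestation object and check its structure; None if valid."""
    obj = cbor_decode(data)
    if not isinstance(obj, dict):
        return "attObj is not a map"
    missing = [k for k in ("authData", "fmt", "attStmt") if k not in obj]
    if missing:
        return "missing " + ", ".join(missing)
    if not isinstance(obj["authData"], bytes):
        return "authData is not bytes"
    return _check_stmt(obj["fmt"], obj["attStmt"], nested=False)

AUTH_DATA = b"\x00" * 37  # constructed placeholder, not real authenticator data
_PACKED = {"fmt": "packed", "attStmt": {"alg": -7, "sig": b"\x30\x00"}}  # constructed
_TPM = {"fmt": "tpm", "attStmt": {"ver": "2.0"}}                          # constructed

SAMPLES = {
    "packed": cbor_encode({"authData": AUTH_DATA, **_PACKED}),
    "compound_ok": cbor_encode({"authData": AUTH_DATA, "fmt": "compound", "attStmt": [_PACKED, _TPM]}),
    "compound_one": cbor_encode({"authData": AUTH_DATA, "fmt": "compound", "attStmt": [_PACKED]}),
    "compound_as_map": cbor_encode({"authData": AUTH_DATA, "fmt": "compound", "attStmt": {}}),
    "compound_nested": cbor_encode({"authData": AUTH_DATA, "fmt": "compound",
                                    "attStmt": [_PACKED, {"fmt": "compound", "attStmt": [_PACKED, _TPM]}]}),
    "packed_as_array": cbor_encode({"authData": AUTH_DATA, "fmt": "packed", "attStmt": []}),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-16s %s" % (name, check_att_obj(blob) or "ok"))
```

The check rejects exactly the mismatch the issue describes: a map where the compound format requires an array, and an array where a non-compound format requires a map. A verifier that only applied the current `attStmtTemplate` literally would reject every shipping compound attestation, which is why the issue prefers relaxing the template over changing §8.9.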