Re: [webauthn] Public Key Credential Source and Extensions (#1719) from Emil Lundberg via GitHub on 2024-09-06 (public-webauthn@w3.org from September 2024)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 Sep 2024 16:37:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2334432419-1725640623-sysbot+gh@w3.org>

I think I'd be fine with either of (1) or (2). (1) could be done similarly to how [credential record](https://w3c.github.io/webauthn/#credential-record) is defined to be extensible, which [was used in the `supplementalPubKeys` extension](https://github.com/w3c/webauthn/blob/2df9691d9537f4e54d1b83fc9707525e8e34dac0/index.bs#L7586-L7612) but doesn't seem to be used anymore in the current editor's draft. Or maybe just vaguely add a field for "any additional data as needed by extensions" or similar.

> Should things like `hmac-secret`/`prf` be backed up as part of the `Public Key Credential Source`?

I'd say yes, those are associated with the credential so they should be backed up along with their associated credential.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1719#issuecomment-2334432419 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 6 September 2024 16:37:06 UTC