Firstyear
Firstyear
@emlun I'm thinking something like a third operation in https://www.w3.org/TR/webauthn-3/#sctn-rp-operations like "update credential metadata" or similar? And yes, it should rely on the management commands for updating info, rather than...
Any ideas on how we could proceed here @emlun?
Will these use cases also discuss when RP's want to *exclude* multi-device credentials?
Sure, I was in the middle of writing these up for a blog anyway, so I'll submit some text and and overview of this from the view of an RP/Enterprise...
@MasterKale cc you probably have use cases here we should think about too.
So, some draft use cases. Especially as someone who implements an RP, and works with a lot of people deploying theirs, I think this boils down to a set of...
> hm... Though, step 12 is: > > > 1. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse structure to obtain the attestation statement format fmt, the authenticator...
I agree with the premise of #1064 - verify cryptographic assertions first, then validate our remaining parameters are what we expect, and kind of what this ticket is about too.
Great thanks. Is there anything actionable you need from me at this point for this topic?
I think that having the object with things you should store sounds like the best solution here. This way the RP can store "everything" they *might* need so that if...