Shane Weeden
Shane Weeden
This issue is to capture discussion / decision making related to a discussion opened on the mailing list: https://lists.w3.org/Archives/Public/public-webauthn/2020Feb/0001.html The summary of the request is to allow an RP to...
The use case in mind is when an RP is required to enforce attestation-based registration requirements. Why not allow the RP to suggest in attestation options a richer set of...
In an examples 1, 3 and 4 in section 1 there is a comment associated with the challenge: ``` /* 29 more random bytes generated by the server */ ```...
## Proposed Change Following on from the discussion held at the TPAC face-to-face in Vancouver... In order to ensure consistent capability from the autofill UI, there is a desire for...
## Proposed Change Note: This may end up resulting in a WebAuthn spec change (I think it should - read on), or in a close with feedback to the FIDO...
## Proposed Change During credential registration in particular (and also given that attestation can now, in theory, be requested on assertions), the [attestation](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-attestation) property can be specified, as a single-valued...
The current explainer says that when a session is being established, the JWT which contains the signed challenge is sent as the POST body data to the `/path+"/startsession"` endpoint. When...
The `Sec-Session-Registration` example response header is shown with several elements, separated by semi-colons: ``` Sec-Session-Registration: "path";challenge=:Y2hhbGxlbmdl:;es256;rs256;authorization=:YXV0aGNvZGU=: ``` The `Sec-Session-Challenge` example response header is shown with two elements, separated by a...
I've read the [estimated timeline](https://github.com/WICG/dbsc/wiki/DBSC-timeline), and looked at the flags available in Chrome Canary 125 on Mac. These don't line up - the estimated timeline suggests a flag called `#enable-standard-device-bound-session-credentials`...