webauthn
Enterprise attestation is a bool in WebAuthn and an Int in CTAP2.1
Proposed Change
The current WebAuthn text uses options enterprise to set enterpriseAttestationPossible state to true if present.
In CTAP, enterpriseAttestation can have two values: 1 for Vendor-facilitated enterprise attestation and 2 for Platform-managed enterprise attestation.
This might cause confusion if the CTAP2.1 spec is not read closely. Sec 5.1.3 point 20.5 should probably be something like:
Let enterpriseAttestationPossible be an Integer value, as follows. If options.attestation
is set to enterprise: Let enterpriseAttestationPossible be 2 if the user agent wishes to support enterprise attestation for options.rp.id (see Step 8, above). Otherwise 1.
otherwise: Let enterpriseAttestationPossible be absent.
Given that webauthn sits atop ctap, could we actually use an enumeration of this value to make it clearer?
@ve7jtb Do we just want to close this?
No action