webauthn icon indicating copy to clipboard operation
webauthn copied to clipboard

Published 20 hours ago verified publisher icon w3c

Bit set by the SPC extension should backed up as part of the Public Key Credential Source

Open timcappalli opened this issue 1 year ago • 2 comments

PLACEHOLDER

Proposed Change

Bit set by the SPC extension should backed up as part of the Public Key Credential Source.

timcappalli avatar Sep 25 '24 01:09 timcappalli

This makes sense to me.

selfissued avatar Sep 25 '24 01:09 selfissued

Suggest altering the definition of credential source to say that extensions supplied during creation can define their own additional data, e.g.

A credential source ([CREDENTIAL-MANAGEMENT-1]) used by an authenticator to generate authentication assertions. A public key credential source ~~consists of a struct with~~ will contain the following items:

and at the end

Extensions supplied during the authenticatorMakeCredential operation MAY define additional data as part of the credential source.

This would give a path for SPC to define what information needs to be retained to differentiate the credential separately.

dwaite avatar Oct 23 '24 18:10 dwaite

@timcappalli to talk to SPC folks about including this in their spec.

timcappalli avatar Nov 13 '24 20:11 timcappalli

Issue created in SPC: https://github.com/w3c/secure-payment-confirmation/issues/278

Closing.

timcappalli avatar Nov 25 '24 15:11 timcappalli