-
Replace rp-app.js with Polymer web component for WebAuthn.
-
AAL3 requires verifier impersonation resistance, as defined in Section 5.2.5.
The relevant paragraph states as follows (emphasis added)
> A verifier impersonation-resistant authentication protoc…
-
In the same vein as PKCS#11 #84 , SSH3 should provide first class support for passkeys and security keys.
See https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html for the instructions on …
-
From the [Chromium blog](https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html):
>We are committed to developing this standard in a way that ensures it will not be abused to seg…
-
{
"description": "Tests if empty user IDs are omitted in the response.",
"error_message": "Cannot make credential with an empty user ID.",
"id": "get_assertion_empty_user_id",…
-
Attempting to create a key only allows for certification through security key, but not via other ways (e.g. Pin Auth on Win 10 or fingerprint on Android) - both platforms only request a security key.
…
-
We can improve the communition with the client plugins. We should improve the REST response values, so that the client plugins can more easily react.
Currently the response looks like this:
~~~~…
-
I am working on a React Native application and am trying to support the Fido2 auth standard. I believe I have the server side configured correctly with AWS, however, when I call Passkey.register() I k…
-
To do this, a key sharing scheme is necessary to provide a “sync link” feature - tracked here https://github.com/w3c/webauthn/issues/931
-
## Describe the issue
- `AuthenticationExtensionsClientInputs` should probably support largeBlob: {read/write} (https://chromestatus.com/feature/5657899357437952) as an extension: parameter. (maybe…