Dash-Industry-Forum / TAC

Token-based Authorization

JWT Limitations #2

Open haudiobe opened 7 years ago

haudiobe commented 7 years ago

Submitter: Giri Mandyam

The JWT defined in [URISigning] cannot be augmented with an attestation statement and therefore the environment in which the signing operation is conducted cannot be verified by the relying party. Moreover, the JWT cannot be augmented with information about the platform in which the UA is running (e.g. see https://developer.android.com/training/safetynet/index.html for an example) and therefore is overly rigid.

edrthomas commented 7 years ago

Addressed in Security TF call 16-11-09

As mentioned in minutes, see accepted resolution for this issue.