Closed bfulgham closed 5 years ago
Sorry -- I should have filed this as "brentfulgham" from my Apple GitHub account.
Should we call-out TEE or Secure Execution Environment separately? I.e. implementation is possible in software executing on (a) a general purpose computing device, (b) in a secure execution environment, (c) an on-device Trusted Platform Module (TPM) or a Secure Element (SE), or (d) off-device. or
suggested text?
f2f discussion at TPAC suggests just adding another element to the "or", clarifying that implementation on a general purpose computing device is fine.
or is possible in software executing on (a) a general purpose computing device, (b) an on-device Secure Execution Environment, or a Trusted Platform Module (TPM) or a Secure Element (SE), or (d) off-device.
The current master already has the following paragraph: "Broadly, compliant authenticators protect public key credentials, and interact with user agents to implement the Web Authentication API. Some authenticators MAY run on the same client device (e.g., smart phone, tablet, desktop PC) as the user agent is running on. For instance, such an authenticator might consist of a Trusted Execution Environment (TEE) applet, a Trusted Platform Module (TPM), or a Secure Element (SE) integrated into the client device in conjunction with some means for user verification, along with appropriate driver software to mediate access to these components' functionality. Other authenticators MAY operate autonomously from the client device running the user agent, and be accessed over a transport such as Universal Serial Bus (USB), Bluetooth Low Energy (BLE) or Near Field Communications (NFC)"
This paragraph doesn't explicitly call out the case (a) as mentioned in the first comment.
Proposed modified paragraph:
Broadly, compliant authenticators protect public key credentials, and interact with user agents to implement the Web Authentication API. Implementing compliant authenticators is possible in software executing on (a) a general purpose computing device, (b) an on-device Secure Execution Environment, or a Trusted Platform Module (TPM) or a Secure Element (SE), or (d) off-device. Authenticators being implemented on-device are called Platform Authenticators. Authenticators being implemented off-device (Roaming Authenticators) can be accessed over a transport such as Universal Serial Bus (USB), Bluetooth Low Energy (BLE) or Near Field Communications (NFC).
Addressed by https://github.com/w3c/webauthn/pull/1109
The paragraph beginning "Broadly, compliant authenticators" is unclear. It should be reworded to state that implementation is possible in software executing on (a) a general purpose computing device, (b) an on-device Trusted Platform Module (TPM) or a Secure Element (SE), or (c) off-device.