w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/

Bit set by the SPC extension should be backed up as part of the Public Key Credential Source #2153

Open timcappalli opened 1 month ago

timcappalli commented 1 month ago

PLACEHOLDER

Proposed Change

Bit set by the SPC extension should be backed up as part of the Public Key Credential Source.

selfissued commented 1 month ago

This makes sense to me.

dwaite commented 4 weeks ago

Suggest altering the definition of credential source to say that extensions supplied during creation can define their own additional data, e.g.

A credential source ([CREDENTIAL-MANAGEMENT-1]) used by an authenticator to generate authentication assertions. A public key credential source consists of a struct with will contain the following items:

and at the end

Extensions supplied during the authenticatorMakeCredential operation MAY define additional data as part of the credential source.

This would give a path for SPC to define what information needs to be retained to differentiate the credential separately.

timcappalli commented 1 week ago

@timcappalli to talk to SPC folks about including this in their spec.