search

w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/
Other
1.16k stars 167 forks source link

Add opaque data extension #98

Closed gmandyam closed 8 years ago

gmandyam commented 8 years ago

An RP may send opaque data to an authenticator via an extension that requires no client processing. This should be a pre-registered extension type and would be passed directly to the authenticator from the client.

equalsJeffH commented 8 years ago

Does this last paragraph of the current section 5 {#extension-request-parameters} address this use case?

For extensions that specify additional authenticator processing only, it is desirable that the platform 
need not know the extension. To support this, platforms SHOULD pass the client argument of 
unknown extension as the authenticator argument unchanged, under the same extension identifier. 
The authenticator argument should be the CBOR encoding of the client argument, as specified in 
Section 4.2 of [RFC7049]. Clients SHOULD silently drop unknown extensions whose client argument 
cannot be encoded as a CBOR structure.
equalsJeffH commented 8 years ago

shall we close this issue?

gmandyam commented 8 years ago

Closing issue. Note that as long as we do not put normative requirements on how UVI is generated by an authenticator, it is for all intents and purposes an opaque data extension.