Apply emlun's changes from code review
Co-authored-by: Emil Lundberg <emil@yubico.com>
agl and emlun committed Nov 15, 2023
1 parent 24dd8e9 commit 462113c
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions index.bs
Expand Up @@ -7109,7 +7109,7 @@ A usage example is thus:

Another example of supplemental keys:

> Say that a sign-in request appears at a website along with some geolocation signal that has not been seen for this [=user account=] before, and is outside of the typical usage hours observed for the account. The risk may be deemed high enough not to allow the request, even with an assertion by a [=multi-device credential=] on its own. But if a signature from a supplimental key that is device-bound, and that is <i>well established</i> for this user can also be presented, then that may tip the balance.
> Say that a sign-in request appears at a website along with some geolocation signal that has not been seen for this [=user account=] before, and is outside of the typical usage hours observed for the account. The risk may be deemed high enough not to allow the request, even with an assertion by a [=multi-device credential=] on its own. But if a signature from a supplemental key that is device-bound, and that is <i>well established</i> for this user can also be presented, then that may tip the balance.

The weight that [=[RPS]=] give to the presence of a signature from a supplemental key may be based on information learned from its optional attestation. An attestation can indicate the level of protection enjoyed by a hardware-bound key, or the policies for other types of supplemental key.

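Review bot: In the quoted example, the corrected sentence still has an unbalanced clause: there is a comma after "device-bound" but none after "for this user", so "can also be presented" is hard to attach to its subject. Suggest "a supplemental key that is device-bound and <i>well established</i> for this user can also be presented". The example also turns on the key being "well established" without saying how a Relying Party would judge that; a short clause on what that means here would keep readers from treating any supplemental-key signature as enough to tip the balance.
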
Expand All @@ -7135,7 +7135,7 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa
</xmp>
<div dfn-type="dict-member" dfn-for="AuthenticationExtensionsSupplementalPublicKeysInputs">
: <dfn>scopes</dfn>
:: This required member specifies the scopes of supplemental public keys that the [=[RP]=] requests. Values are taken from the `scope` group in the CDDL below. (I.e. currently valid values are `provider` and `device`.) Specifying the scopes that a [=[RP]=] can use allows an [=authenticator=] to avoid the work of generating superfluous supplemental keys.
:: This required member specifies the scopes of supplemental public keys that the [=[RP]=] requests. Values are taken from the `scope` group in the CDDL below (i.e., currently defined values are `provider` and `device`); authenticators silently ignore unrecognized values. Specifying the scopes that a [=[RP]=] can use allows an [=authenticator=] to avoid the work of generating superfluous supplemental keys.

: <dfn>attestation</dfn>
:: The [=[RP]=] MAY use this OPTIONAL member to specify a preference regarding [=attestation conveyance=].
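
Review bot: The new clause in the `scopes` member text, "authenticators silently ignore unrecognized values", is phrased as a description rather than a requirement, and it sits in the description of a client extension input member without saying whether the client forwards unrecognized values unchanged. Suggest stating it normatively (for example "authenticators MUST ignore") and saying what the client does with such values. It is also worth noting here that a request containing only unrecognized scopes yields no extension output at all, so a Relying Party does not read the absence of output as an error.
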
Expand All @@ -7157,7 +7157,7 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa
:: If {{AuthenticationExtensionsClientInputs/supplementalPubKeys}} is present, the client creates the authenticator extension input from the client extension input.

: Client extension output
:: An ArrayBuffer containing the signature returned as the [=unsigned extension output=].
:: A sequence of {{ArrayBuffer}}s containing the signatures returned as the [=unsigned extension output=].
<xmp class="idl">
dictionary AuthenticationExtensionsSupplementalPublicKeysOutputs {
sequence<ArrayBuffer> signatures;
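
Review bot: The reworded "Client extension output" line describes a bare sequence of {{ArrayBuffer}}s, but the IDL directly below defines the output as the dictionary `AuthenticationExtensionsSupplementalPublicKeysOutputs` with a `signatures` member. Suggest describing the dictionary and its member, for example "A dictionary whose `signatures` member is a sequence of {{ArrayBuffer}}s ...". Because these signatures arrive as unsigned extension output, the text would also benefit from a pointer to where the Relying Party verifies each one against its supplemental public key.
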
Expand All @@ -7174,9 +7174,9 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa

```
supplementalPublicKeyInputs = {
scopes: [tstr],
scopes: [+ tstr],
attestation: tstr,
attestationFormats: [tstr],
attestationFormats: [* tstr],
}
$$extensionInput //= (
supplementalPubKeys: supplementalPublicKeyInputs,
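
Review bot: With `scopes: [+ tstr]` an empty array is now invalid in the authenticator input, but the dictionary text for `scopes` only says the member is required, not that it must be non-empty, so the client's behaviour when a Relying Party passes an empty sequence is undefined. Suggest saying in the client extension processing whether the client rejects the request or omits the extension in that case. Separately, `attestation: tstr` is a required key in this map while the dictionary text calls the member OPTIONAL; either mark it `? attestation` or state that the client always supplies a default.
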
Expand All @@ -7192,7 +7192,7 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa
; lexicographically by scope and MUST NOT include more than one element
; with a given scope.

supplementalPubKeys: [attObjForSupplementalPublicKey],
supplementalPubKeys: [+ attObjForSupplementalPublicKey],
)

scope = (
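
Review bot: After the change to `[+ attObjForSupplementalPublicKey]` the grammar enforces a non-empty array, but the ordering and uniqueness rules just above it ("lexicographically by scope and MUST NOT include more than one element with a given scope") still live only in a CDDL comment. Since the signatures are matched to these entries by position, suggest making sure the Relying Party verification steps explicitly reject an output that is unsorted or repeats a scope, rather than relying on the comment alone.
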
Expand Down Expand Up @@ -7268,13 +7268,13 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa
```

: Unsigned extension output
:: A CBOR array of byte strings containing the signatures generated with the supplemental private keys, in the same order as in the authenticator extension output.
:: A non-empty CBOR array of byte strings containing the signatures generated with the supplemental private keys, in the same order as in the authenticator extension output.

: Authenticator extension processing
:: For both [=authenticatorMakeCredential=] and [=authenticatorGetAssertion=] operations:
1. Create or select the [=public key credential source=] as usual (see [[#sctn-op-make-cred]], or [[#sctn-op-get-assertion]] as appropriate).

1. Let |scopes| be the [=set=] of all supplemental public key scopes that the [=authenticator=] supports. Updates |scopes| to be the [=set/intersection=] of itself and {{AuthenticationExtensionsSupplementalPublicKeysInputs/scopes}}. If |scopes| is empty, terminate these processing steps with no extension output.
1. Let |scopes| be the [=set=] of all supplemental public key scopes that the [=authenticator=] supports. Update |scopes| to be the [=set/intersection=] of itself and {{AuthenticationExtensionsSupplementalPublicKeysInputs/scopes}}. If |scopes| is empty, terminate these processing steps with no extension output.

1. Let |spks| and |spkSigs| be empty arrays.

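Review bot: The "Unsigned extension output" line now says the signature array is non-empty and "in the same order as in the authenticator extension output", but it never says the two arrays have the same length. Suggest adding that the array contains exactly one signature per element of `supplementalPubKeys`, so that a Relying Party rejects a response with missing or surplus signatures instead of pairing them up partially.
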
Expand Down Expand Up @@ -7341,7 +7341,7 @@ The weight that [=[RPS]=] give to the presence of a signature from a supplementa

##### AAGUIDs ##### {#sctn-supplemental-public-keys-attestation-aaguid}

The [=AAGUID=] included in the <code>[=supplementalPubKeys=]</code> extension output, if non-zero, aids a [=[RP]=] in validating the [=attestation statement=] of the supplemental public key. Its interpretation depends on the scope of the key. It may differ from the [=AAGUID=] in the [=attested credential data=] of a [=multi-device credential=]. Thus the AAGUID of [=supplemental public key=] MAY be different in a single response and either, or both, may be zero depending on the options requested and authenticator behaviour.
Any non-zero [=/AAGUID=]s included in the <code>[=supplementalPubKeys=]</code> extension output aid a [=[RP]=] in validating the [=attestation statement=] of the supplemental public key. The interpretation of each AAGUID depends on the scope of the corresponding key. Some or all may differ from the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] of a [=multi-device credential=]. Thus the AAGUID of a [=supplemental public key=] MAY be different in a single response and either, or both, may be zero depending on the options requested and authenticator behaviour.

##### Attestation calculations ##### {#sctn-supplemental-public-keys-attestation-calculations}

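Review bot: In the rewritten AAGUID paragraph the opening sentences now speak of several AAGUIDs, but the last sentence still reads as if there were exactly two values: "the AAGUID of a [=supplemental public key=] MAY be different in a single response and either, or both, may be zero". It also does not say what the AAGUID may differ from. Suggest something like "Thus the AAGUIDs in a single response MAY differ from each other and from that of the credential, and any of them may be zero", and pick one of "MAY" and "may" for the two verbs so it is clear whether both are normative.
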