Commit
Define [=WebAuthn signature=]
emlun committed Oct 22, 2019
1 parent b952f90 commit 5b6f595
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions index.bs
Expand Up @@ -2701,7 +2701,7 @@ The [=public key credential=] type uses certain data structures that are specifi
follows.


### Client Data Used in WebAuthn Signatures (dictionary <dfn dictionary>CollectedClientData</dfn>) ### {#dictionary-client-data}
### Client Data Used in [=WebAuthn Signatures=] (dictionary <dfn dictionary>CollectedClientData</dfn>) ### {#dictionary-client-data}

The <dfn>client data</dfn> represents the contextual bindings of both the [=[WRP]=] and the [=client=]. It is a key-value
mapping whose keys are strings. Values can be any type that has a valid encoding in JSON. Its structure is defined by the
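Review bot: The new heading links with title-cased, plural text, `[=WebAuthn Signatures=]`, while the term this commit defines is the lowercase singular `<dfn>WebAuthn signature</dfn>`. Confirm the spec build resolves that variant without a link error, or make the target explicit with `[=WebAuthn signature|WebAuthn Signatures=]` so the heading keeps its capitalization and the link does not depend on variant matching.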
Expand Down Expand Up @@ -2964,7 +2964,7 @@ made by that manufacturer, and different (with high probability) from the AAGUID
The AAGUID for a given type of authenticator SHOULD be randomly generated to ensure this. The [=[RP]=] MAY use the AAGUID to infer certain
properties of the authenticator, such as certification level and strength of key protection, using information from other sources.

The primary function of the authenticator is to provide WebAuthn signatures, which are bound to various contextual data. These
The primary function of the authenticator is to provide [=WebAuthn signatures=], which are bound to various contextual data. These
data are observed and added at different levels of the stack as a signature request passes from the server to the
authenticator. In verifying a signature, the server checks these bindings against expected values. These contextual bindings
are divided in two: Those added by the [=[RP]=] or the client, referred to as [=client data=]; and those added by the authenticator,
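Review bot: Two sentences after the newly linked term, the context line "In verifying a signature, the server checks these bindings against expected values" still uses a bare "signature". Since this paragraph is where the contextual bindings are tied to the term, consider "In verifying a [=WebAuthn signature=]" there as well, so the reader is not left to infer that the same defined term is meant.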
Expand Down Expand Up @@ -3001,6 +3001,7 @@ Authenticators produce cryptographic signatures for two distinct purposes:
provided, and the prompt shown to the user by the [=authenticator=]. The [=assertion signature=] format is illustrated in
[Figure 4, below](#fig-signature).

The term <dfn>WebAuthn signature</dfn> refers to both [=attestation signatures=] and [=assertion signatures=].
The formats of these signatures, as well as the procedures for generating them, are specified below.

## Authenticator Data ## {#sctn-authenticator-data}
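Review bot: The added definition says the term "refers to both [=attestation signatures=] and [=assertion signatures=]", which can be read as one signature being both kinds at once. The list above it describes two distinct purposes, so wording such as "refers to either an [=attestation signature=] or an [=assertion signature=]" would state the intended meaning directly. Separately, the `<dfn>` carries no `export` attribute; if other specifications are expected to link to this term, check whether it should be exported.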