Add formal CDDL definition for authenticator extension in/outputs

w3c · Jun 11, 2020 · b19d88c · b19d88c
1 parent dea84e1
commit b19d88c
Showing 1 changed file with 54 additions and 2 deletions.
diff --git a/index.bs b/index.bs
@@ -864,7 +864,7 @@ below and in [[#index-defined-elsewhere]].
     as defined in [[!FIDO-CTAP]].
 
 : CDDL
-:: This specification describes the syntax of all [=CBOR=]-encoded data using the CBOR Data Definition Language (CDDL) [[!RFC8610]].
+:: This specification describes the syntax of all [=CBOR=]-encoded data using the CBOR Data Definition Language (<dfn>CDDL</dfn>) [[!RFC8610]].
 
 : COSE
 :: CBOR Object Signing and Encryption (COSE) [[!RFC8152]].  The IANA COSE Algorithms registry established by this specification is also used.
@@ -2882,6 +2882,28 @@ This is a dictionary containing the [=client extension input=] values for zero o
 This is a dictionary containing the [=client extension output=] values for zero or more [=WebAuthn Extensions=].
 
 
+### Authentication Extensions Authenticator Inputs (CDDL type `extensionInputs`) ### {#iface-authentication-extensions-authenticator-inputs}
+
+```
+extensionInputs = { * $$extensionInput .within ( tstr => any ) }
+```
+
+The [=CDDL=] type `extensionInputs` defines a [=CBOR=] map
+containing the [=authenticator extension input=] values for zero or more [=WebAuthn Extensions=].
+
+This type is not exposed to the [=[RP]=], but is used by the [=client=] and [=authenticator=].
+
+
+### Authentication Extensions Authenticator Outputs (CDDL type `extensionOutputs`) ### {#iface-authentication-extensions-authenticator-outputs}
+
+```
+extensionOutputs = { * $$extensionOutput .within ( tstr => any ) }
+```
+
+The [=CDDL=] type `extensionOutputs` defines a [=CBOR=] map
+containing the [=authenticator extension output=] values for zero or more [=WebAuthn Extensions=].
+
+
 ## Supporting Data Structures ## {#sctn-supporting-data-structures}
 
 The [=public key credential=] type uses certain data structures that are specified in supporting specifications. These are as
@@ -5248,6 +5270,27 @@ input=]. For extensions that do not require input parameters and are defined as
 value set to [TRUE], this method SHOULD consist of passing an [=authenticator extension input=] value of [TRUE] (CBOR major type
 7, value 21).
 
+Extensions that have authenticator processing MUST define extensions for the [=CDDL=] types
+<code>[[#iface-authentication-extensions-authenticator-inputs|extensionInputs]]</code>
+and <code>[[#iface-authentication-extensions-authenticator-outputs|extensionOutputs]]</code>
+by defining an additional choice for the `$$extensionInput` and `$$extensionOutput` groups.
+If an extension does not require any parameters from the [=[RP]=],
+it SHOULD be defined as taking the Boolean value [TRUE] as its [=authenticator extension input=]
+to signify that the extension is requested by the [=[RP]=].
+
+The following example defines that an extension with [=extension identifier|identifier=] `webauthnExample_foobar`
+takes an unsigned integer as [=authenticator extension input=],
+and returns an array of at least one byte string as [=authenticator extension output=]:
+
+<pre class="example">
+    $$extensionInput //= (
+      webauthnExample_foobar: uint
+    )
+    $$extensionOutput //= (
+      webauthnExample_foobar: [+ bytes]
+    )
+</pre>
+
 Note: Extensions should aim to define authenticator arguments that are as small as possible. Some authenticators communicate
     over low-bandwidth links such as Bluetooth Low-Energy or NFC.
 
@@ -5501,6 +5544,12 @@ This extension enables use of a user verification method.
 : Authenticator extension input
 :: The Boolean value [TRUE], encoded in CBOR (major type 7, value 21).
 
+    ```
+    $$extensionInput //= (
+      uvm: true,
+    )
+    ```
+
 : Authenticator extension processing
 :: The [=authenticator=] sets the [=authenticator extension output=] to be one or more user verification methods indicating the method(s) used
     by the user to authorize the operation, as defined below. This extension can be added to attestation objects and assertions.
@@ -5510,7 +5559,10 @@ This extension enables use of a user verification method.
     using the CBOR syntax defined below:
 
     ```
-    uvmFormat = [ 1*3 uvmEntry ]
+    $$extensionOutput //= (
+      uvm: [ 1*3 uvmEntry ],
+    )
+
     uvmEntry = [
                    userVerificationMethod: uint .size 4,
                    keyProtectionType: uint .size 2,