Enterprise attestaion is a bool in WebAuthn and an Int in CTAP2.1 #1795
Assignees
Labels
Comments
ve7jtb
changed the title
|
Given that webauthn sits atop ctap, could we actually use an enumeration of this value to make it clearer? |
|
@ve7jtb Do we just want to close this ? |
|
No action |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposed Change
Describe your proposed change. If you have suggested text, please file a corresponding Pull Request.
The current WebAuthn text uses options enterprise to set enterpriseAttestationPossible state to true if present.
In CTAP enterpriseAttestation can have two values 1 for Vendor-facilitated enterprise attestation and 2 for Platform-managed enterprise attestation.
This might cause confusion if the CTAP2.1 spec is not read closely
Sec 5.1.3 point 20.5 should probably be something like:
Let enterpriseAttestationPossible be an Intiger value, as follows. If options.attestation
is set to enterprise
Let enterpriseAttestationPossible be 2 if the user agent wishes to support enterprise attestation for options.rp.id (see Step 8, above). Otherwise 1.
otherwise
Let enterpriseAttestationPossible be absent.
The text was updated successfully, but these errors were encountered: