Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should WebAuthnAttestation attributes have constructors? #313

Closed
kpaulh opened this issue Dec 20, 2016 · 4 comments
Closed

Should WebAuthnAttestation attributes have constructors? #313

kpaulh opened this issue Dec 20, 2016 · 4 comments
Labels
type:technical
Milestone
WD-04

Comments

@kpaulh
Copy link
Contributor

kpaulh commented Dec 20, 2016

If so, probably should be tacked in conjunction with or after issue #244 simplifies attestation.
@equalsJeffH equalsJeffH added this to the WD-04 milestone Dec 20, 2016
@equalsJeffH
Copy link
Contributor

you are suggesting something like:

[SecureContext, Constructor, Constructor(format)]
interface WebAuthnAttestation {
    readonly    attribute USVString     format;
    readonly    attribute ArrayBuffer   clientData;
    readonly    attribute ArrayBuffer   authenticatorData;
    readonly    attribute any           attestation;
};

yes?

A question is whether to allow for any, some, or all attr values to be passed-in via the constructor. It seems at least "format" would be a candidate (as illustrated above).

thoughts?

Also, if we are adding Constructor to this interface object, then we should also consider doing it on these, on a case-by-case basis I suspect (it would seem WebAuthnAssertion ought to be a solid candidate if WebAuthnAttestation is one):

[SecureContext]
interface ScopedCredentialInfo {
    readonly attribute ScopedCredential     credential;
    readonly attribute WebAuthnAttestation  attestation;
};

[SecureContext]
interface WebAuthnAssertion {
    readonly attribute ScopedCredential  credential;
    readonly attribute ArrayBuffer       clientData;
    readonly attribute ArrayBuffer       authenticatorData;
    readonly attribute ArrayBuffer       signature;
};

[SecureContext]
interface ScopedCredential {
    readonly attribute ScopedCredentialType type;
    readonly attribute ArrayBuffer          id;
};


interface PackedAttestation {
    readonly    attribute ArrayBuffer   x5c;
    readonly    attribute ArrayBuffer   daaKey;
    readonly    attribute DOMString     alg;
    readonly    attribute ArrayBuffer   signature;
};

interface TpmAttestation {
    readonly    attribute DOMString     tpmVersion;
    readonly    attribute ArrayBuffer   x5c;
    readonly    attribute ArrayBuffer   daaKey;
    readonly    attribute ArrayBuffer   certifyInfo;
    readonly    attribute DOMString     alg;
    readonly    attribute ArrayBuffer   signature;
};

[SecureContext]
interface AndroidKeyAttestation {
    readonly    attribute ArrayBuffer   signature;
};

interface AndroidSafetyNetAttestation {
    readonly attribute unsigned long version;
    readonly attribute DOMString     safetyNetResponse;
};

@equalsJeffH
Copy link
Contributor

per https://www.w3.org/2017/01/04-webauthn-minutes.html @vijaybh (aka vgb, Vijay) said: "[i'm working on attestation and this may be related" -- thus noting the overall revamp attestation issue #244 here

@equalsJeffH
Copy link
Contributor

in same minutes, @vijaybh also indicated: [ I ] will look at #313 (this issue) along with #226

MXEBot pushed a commit to mirror/chromium that referenced this issue Jan 21, 2017
@kpaulh
Add WebAuthn bindings and client interface.
8d43296 
This CL adds the WebAuthn bindings and interface to support
WebAuthentication.makeCredential and WebAuthentication.getAssertion.

The draft spec is here: https://w3c.github.io/webauthn/

The interface is likely to change as the spec matures. We're tracking the
comments and suggestions from this review via issues opened with the working
group:
w3c/webauthn#310
w3c/webauthn#311
w3c/webauthn#312
w3c/webauthn#313

This patch also proactively implements the change to WebAuthnAttestation
suggested here: w3c/webauthn#244

BUG=664630

Review-Url: https://codereview.chromium.org/2533863002
Cr-Commit-Position: refs/heads/master@{#445239}
@kpaulh
Copy link
Contributor Author

kpaulh commented Feb 14, 2017

The WebAuthnAttestation interface was removed by #321.

@kpaulh kpaulh closed this as completed Feb 14, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:technical
Projects
None yet
Milestone
WD-04
Development

No branches or pull requests
2 participants
@equalsJeffH @kpaulh