Add registration/authentication extensions for cloud-assisted BLE #909

Open
wants to merge 9 commits into
base: master
from

@kpaulh
Contributor

kpaulh commented May 15, 2018

This is a counterpart to https://github.com/fido-alliance/fido-2-specs/pull/529/, the FIDO2 cloud-assisted BLE PR. We're not quite sure where the extension should live - FIDO2 or WebAuthN. We're leaning towards WebAuthN, since it is relevant to RPs, but hoping others have some thoughts.

Also, this PR currently has references to sections in the FIDO2 spec that I can either replace with complete explanations or update links to once they're available in the FIDO spec. We figured we would get eyes on it now and clean up along the way.

Note that since this is the first registration extension, this PR also adds RegistrationExtensionsClientInputs/Outputs.



@equalsJeffH equalsJeffH self-requested a review May 16, 2018

@nadalin

Contributor

nadalin commented May 16, 2018

@kpaulh Will review @ the FIDO Plenary

@selfissued
Contributor

selfissued left a comment

I believe that this extension does belong in WebAuthn, although it would be OK for it to be in CTAP instead. In either case, it will end up in the IANA "Extension Identifiers" registry - so the result would be the same.

The creation of the "RegistrationExtensions..." identifiers reflects a misunderstanding. The word "Authentication" in the "AuthenticationExtensions..." identifiers refers to "Web Authentication" - not a particular method. The existing identifiers apply and should be used.

index.bs Outdated
};
</xmp>

This is a dictionary containing the [=client extension output=] values for zero or more WebAuthn extensions, as defined in [[#extensions]].

@selfissued

selfissued May 23, 2018

Contributor

Delete RegistrationExtensionsClientOutputs. Use AuthenticationExtensionsClientOutputs instead.

@kpaulh

kpaulh May 23, 2018

Author Contributor

Done! Sorry for the confusion.

index.bs Outdated
};
</xmp>

This is a dictionary containing the [=client extension input=] values for zero or more WebAuthn extensions, as defined in [[#extensions]].

@selfissued

selfissued May 23, 2018

Contributor

Delete RegistrationExtensionsClientInputs. Use AuthenticationExtensionsClientInputs instead.

@kpaulh

kpaulh May 23, 2018

Author Contributor

Done

index.bs Outdated
typedef record<DOMString, DOMString> RegistrationExtensionsAuthenticatorInputs;
</xmp>

This is a dictionary containing the [=authenticator extension input=] values for zero or more WebAuthn extensions, as defined in [[#extensions]].

@selfissued

selfissued May 23, 2018

Contributor

Delete RegistrationExtensionsAuthenticatorOutputs. Use AuthenticationExtensionsAuthenticatorOutputs instead.

@kpaulh

kpaulh May 23, 2018

Author Contributor

Done

index.bs Outdated
required BufferSource rpPublicKey;
};

partial dictionary RegistrationExtensionsClientInputs {
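
Review bot: `rpPublicKey` on the first line of this hunk is typed as a bare `BufferSource`, so nothing in the IDL constrains its encoding or length. The prose for this member should state the key format and the expected byte length, and say what the client does when the value it receives does not match.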

@selfissued

selfissued May 23, 2018

Contributor

Registration -> Authentication

@kpaulh

kpaulh May 23, 2018

Author Contributor

and Done

@nadalin

Contributor

nadalin commented Feb 13, 2019

@equalsJeffH

Contributor

equalsJeffH commented Mar 6, 2019

Just to note wrt

We're not quite sure where the[se] extension[s] should live - FIDO2 or WebAuthN

Just to note, presently these extension definitions are also contained in fido-alliance/fido-2-specs#529 [ which is for the CTAP spec ]. If we decide to land them here in the WebAuthn spec, we will need to update fido-alliance/fido-2-specs#529 such that they (specifically only the extension definitions) are elided (from the latter CTAP-specific PR).


During <code>authenticatorGetAssertion()</code>, the RP provides the
client with the necessary session data via the following extension.
For details refer to Sections [#cable-eid] and [#cable-encryption].
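
Review bot: The section references on the last line, `[#cable-eid]` and `[#cable-encryption]`, use single brackets, while the other section links in this file are written `[[#extensions]]`. Bikeshed only turns the double-bracket form into a section link, so these should read `[[#cable-eid]]` and `[[#cable-encryption]]`, and both targets need to exist in this document for the links to resolve.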

@jcjones

jcjones Mar 7, 2019

Contributor

I don't think these anchors exist?

@equalsJeffH
Contributor

equalsJeffH left a comment

LGTM, thanks Kim!!

@nadalin

Contributor

nadalin commented Mar 13, 2019

We will leave open until the CTAP work is implemented and make sure this works with passwordless world
