Add registration/authentication extensions for cloud-assisted BLE #909
Conversation
|
@kpaulh Will review @ the FIDO Plenary |
There was a problem hiding this comment.
I believe that this extension does belong in WebAuthn, although it would be OK for it to be in CTAP instead. In either case, it will end up in the IANA "Extension Identifiers" registry - so the result would be the same.
The creation of the "RegistrationExtensions..." identifiers reflects a misunderstanding. The word "Authentication" in the "AuthenticationExtensions..." identifiers refers to "Web Authentication" - not a particular method. The existing identifiers apply and should be used.
index.bs
Outdated
| }; | ||
| </xmp> | ||
|
|
||
| This is a dictionary containing the [=client extension output=] values for zero or more WebAuthn extensions, as defined in [[#extensions]]. |
There was a problem hiding this comment.
Delete RegistrationExtensionsClientOutputs. Use AuthenticationExtensionsClientOutputs instead.
There was a problem hiding this comment.
Done! sorry for the confusion.
index.bs
Outdated
| }; | ||
| </xmp> | ||
|
|
||
| This is a dictionary containing the [=client extension input=] values for zero or more WebAuthn extensions, as defined in [[#extensions]]. |
There was a problem hiding this comment.
Delete RegistrationExtensionsClientInputs. Use AuthenticationExtensionsClientInputs instead.
index.bs
Outdated
| typedef record<DOMString, DOMString> RegistrationExtensionsAuthenticatorInputs; | ||
| </xmp> | ||
|
|
||
| This is a dictionary containing the [=authenticator extension input=] values for zero or more WebAuthn extensions, as defined in [[#extensions]]. |
There was a problem hiding this comment.
Delete RegistrationExtensionsAuthenticatorOutputs. Use AuthenticationExtensionsAuthenticatorOutputs instead.
index.bs
Outdated
| required BufferSource rpPublicKey; | ||
| }; | ||
|
|
||
| partial dictionary RegistrationExtensionsClientInputs { |
There was a problem hiding this comment.
Registration -> Authentication
|
@jcjones @akshayku @equalsJeffH Please review |
|
Just to note wrt
Just to note, presently these extension definitions are also contained in https://github.com/fido-alliance/fido-2-specs/pull/529/ [ which is for the CTAP spec ]. If we decide to land them here in the WebAuthn spec, we will need to update https://github.com/fido-alliance/fido-2-specs/pull/529/ such that they (specifically only the extension definitions) are elided (from the latter CTAP-specific PR). |
|
|
||
| During <code>authenticatorGetAssertion()</code>, the RP provides the | ||
| client with the necessary session data via the following extension. | ||
| For details refer to Sections [#cable-eid] and [#cable-encryption]. |
There was a problem hiding this comment.
I don't think these anchors exist?
|
We will leave open until the CTAP work is implemented and make sure this works with passwordless world |
| }; | ||
| </xmp> | ||
|
|
||
| Versions is a list of protocol versions supported by the relying party. |
There was a problem hiding this comment.
Could you elaborate the version ? What value is supported here?
There was a problem hiding this comment.
For now only "1", but the field exists so that we can make changes/fixes to the protocol if needed.
|
|
||
| Versions is a list of protocol versions supported by the relying party. | ||
|
|
||
| The rpPublicKey is an ECDH P-256 public key. |
There was a problem hiding this comment.
What format is used for encoding rpPublicKey?
|
|
||
| The clientEid is a 16-byte EID advertised by the Client. | ||
|
|
||
| The authenticatorEid is a 16-byte EID advertised by the Authenticator. |
There was a problem hiding this comment.
How does the RP retrieve the EID advertised by the Authenticator?
|
It seems Chrome implementation does. |
|
we are closing this because we are hoping it will not be needed. |
|
at 2020-02-26 meeting, we decided to close this because we are sure it wont be needed. |
|
@equalsJeffH What is the standard for this then? |
|
Is this replaced by Bluetooth Smart / Bluetooth Low Energy Technology ? |
This is a counterpart to https://github.com/fido-alliance/fido-2-specs/pull/529/, the FIDO2 cloud-assisted BLE PR. We're not quite sure where the extension should live - FIDO2 or WebAuthN. We're leaning towards WebAuthN, since it is relevant to RPs, but hoping others have some thoughts.
Also, this PR currently has references to sections in the FIDO2 spec that I can either replace with complete explanations or update links to once they're available in the FIDO spec. We figured we would get eyes on it now and clean up along the way.
Note that since this is the first registration extension, this PR also adds RegistrationExtensionsClientInputs/Outputs.
Preview | Diff