Merge pull request #1950 from w3c/tc-att-compound
Add `compound` attestation format
timcappalli authored Oct 6, 2023
2 parents b59b425 + e0a4f31 commit d9bdee4
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions index.bs
Expand Up @@ -6322,6 +6322,45 @@ This attestation statement format is exclusively used by Apple for certain types
5. Verify that the [=credential public key=] equals the Subject Public Key of |credCert|.
6. If successful, return implementation-specific values representing attestation type [=Anonymization CA=] and attestation trust path |x5c|.

## Compound Attestation Statement Format ## {#sctn-compound-attestation}

The "compound" attestation statement format is used to pass multiple, self-contained attestation statements in a single ceremony.


: Attestation statement format identifier
:: compound

: Attestation types supported
:: Any. See [[#sctn-attestation-types]].

: Syntax
:: The syntax of a compound attestation statement is defined as follows:

```
$$attStmtType //= (
fmt: "compound",
attStmt: [2* nonCompoundAttStmt]
)

nonCompoundAttStmt = { $$attStmtType } .within { fmt: text .ne "compound" }
```

: Signing procedure
:: Not applicable

: Verification procedure
:: Given the [=verification procedure inputs=] |attStmt|, |authenticatorData| and |clientDataHash|, the [=verification procedure=] is
as follows:
1. [=list/For each=] |subStmt| of |attStmt|, evaluate the [=verification procedure=]
corresponding to the [=attestation statement format identifier=] <code>|subStmt|.fmt</code>
with [=verification procedure inputs=] |subStmt|, |authenticatorData| and |clientDataHash|.

If validation fails for one or more |subStmt|, decide the appropriate result based on [=[RP]=] policy.

2. If sufficiently many (as determined by [=[RP]=] policy) [=list/items=] of |attStmt| verify successfully,
return implementation-specific values representing any combination of outputs from successful [=verification procedures=].


# <dfn>WebAuthn Extensions</dfn> # {#sctn-extensions}

The mechanism for generating [=public key credentials=], as well as requesting and generating Authentication assertions, as
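Review bot: The verification procedure never enforces the constraints that the Syntax block places on |attStmt|: step 1 dispatches on `|subStmt|.fmt` for every item without first checking that the array holds at least two entries and that no entry has `fmt` equal to "compound". An RP that implements only the numbered steps could therefore accept a single-item array or recurse into a nested compound statement. Consider adding a leading step that verifies |attStmt| conforms to the syntax defined above and fails otherwise. Step 1 also passes |subStmt| itself as the inner procedure's attestation statement input, while the CDDL defines each item as a map with `fmt` and `attStmt` members; the text should say whether the inner procedure receives the whole item or its `attStmt` member. In step 2, "any combination of outputs" leaves open which attestation type and trust path the RP ends up with when the successful sub-statements differ, so a sentence on how the returned values are chosen would make the result less implementation-dependent.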