Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add compound attestation format #1950

Merged
merged 11 commits into from
Oct 6, 2023
Merged

Add compound attestation format #1950

merged 11 commits into from
Oct 6, 2023

Conversation

timcappalli
Copy link
Member

@timcappalli timcappalli commented Aug 29, 2023
edited by pr-preview bot
Loading

This PR defines a new attestation format, named compound, which allows for multiple attestation statements to be included in a single ceremony.

The primary use case is for passkey providers which need statements about both the key and the app-based provider.

Preview | Diff

@ndpar
Copy link

ndpar commented Aug 29, 2023

Is verification considered successful when all or any attestation statement is valid?

@timcappalli
Copy link
Member Author

timcappalli commented Aug 29, 2023
edited
Loading

Good callout, thanks.

NOTE: this PR is a draft and is not yet ready for review :)

@nadalin nadalin added type:technical @Risk Items that are at risk for L3 labels Aug 30, 2023
@timcappalli timcappalli marked this pull request as ready for review September 6, 2023 02:13
MasterKale
MasterKale reviewed Sep 6, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
@timcappalli
Copy link
Member Author

2023-09-06 call: don't allow empty lists

MasterKale
MasterKale requested changes Sep 19, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
selfissued
selfissued requested changes Sep 20, 2023
View reviewed changes
Copy link
Contributor

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Attestation formats are defined places other than this specification. Therefore, the IANA WebAuthn Attestation Statement Format Identifiers registry should be cited, rather than "this specification".

index.bs Outdated Show resolved Hide resolved
ve7jtb
ve7jtb approved these changes Sep 27, 2023
View reviewed changes
Copy link
Contributor

@ve7jtb ve7jtb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

emlun
emlun requested changes Oct 4, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
@timcappalli @emlun
attestation types support to any
175ee61 
Co-authored-by: Emil Lundberg <emil@yubico.com>
@timcappalli @emlun
Update CDDL to be more explicit
108db99 
Co-authored-by: Emil Lundberg <emil@yubico.com>
emlun
emlun requested changes Oct 5, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
@timcappalli
Copy link
Member Author

Clear to merge per chair on last call

@timcappalli timcappalli merged commit d9bdee4 into main Oct 6, 2023
2 checks passed
@timcappalli timcappalli deleted the tc-att-compound branch October 6, 2023 14:41
github-actions bot added a commit that referenced this pull request Oct 6, 2023
@timcappalli @github-actions
Merge pull request #1950 from w3c/tc-att-compound
09d7b9d 
SHA: d9bdee4
Reason: push, by timcappalli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akshayku akshayku akshayku approved these changes

@selfissued selfissued selfissued approved these changes

@MasterKale MasterKale MasterKale approved these changes

@emlun emlun emlun approved these changes

@ve7jtb ve7jtb ve7jtb approved these changes

@agl agl agl approved these changes

Assignees

@timcappalli timcappalli

Labels
@Risk Items that are at risk for L3 type:technical
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@timcappalli @ndpar @agl @ve7jtb @nicksteele @emlun @MasterKale @selfissued @akshayku @nadalin