[Webkit-unassigned] [Bug 203200] New: [WebAuthn] Support appidExclude enrollment extension

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 21 12:31:46 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203200

            Bug ID: 203200
           Summary: [WebAuthn] Support appidExclude enrollment extension
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: piperc at google.com

For relying parties that previously enrolled security keys via the U2F enrollment protocol, keys are bound to an application identifier, rather than the relying party id to which WebAuthn enrollments are bound.

Since WebAuthn is meant to be backwards compatible with enrollments via U2F, the authentication extension appid can be provided during authentication [1]. Similarly, to prevent reregistration of the same credential when doing a WebAuthn enrollment, an extension [appidExclude] was added to the WebAuthn specification to first check if a key was enrolled via U2F before completing the WebAuthn enrollment [2][3] and report the key already registered if so.

[1] https://bugs.webkit.org/show_bug.cgi?id=143491
[2] https://github.com/w3c/webauthn/pull/1244
[3] https://w3c.github.io/webauthn/#sctn-appid-exclude-extension

-- 
You are receiving this mail because:
You are the assignee for the bug.
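The exclusion check described in the report, as an added example that is not part of the original message and not WebKit code: a simplified model in which a key handle is only recognized under the hash of the identifier it was enrolled with (AppID for U2F, RP ID for WebAuthn). `ModelAuthenticator`, `isAlreadyRegistered`, `creationOptions` and the sample `example.com` values are assumptions made for illustration.

```javascript
// Added example: simplified model of the appidExclude check, not WebKit's implementation.
const { createHash } = require("node:crypto");

const sha256hex = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Constructed sample values (assumptions, not taken from the bug report).
const RP_ID = "example.com";
const LEGACY_APP_ID = "https://example.com/u2f-appid.json";

// Hypothetical authenticator model: every key handle is bound to the hash of
// the identifier it was enrolled under.
class ModelAuthenticator {
  constructor() { this.handles = new Map(); } // keyHandle -> scope hash
  enroll(keyHandle, scope) { this.handles.set(keyHandle, sha256hex(scope)); }
  // Models a "check-only" probe: is this handle ours under this scope hash?
  recognizes(keyHandle, scopeHash) {
    return this.handles.get(keyHandle) === scopeHash;
  }
}

// Client-side check before completing an enrollment. Without appidExclude only
// the RP ID hash is probed, so a U2F-era handle is never recognized.
function isAlreadyRegistered(authenticator, publicKey) {
  const scopes = [sha256hex(publicKey.rp.id)];
  const appidExclude = publicKey.extensions && publicKey.extensions.appidExclude;
  if (appidExclude) scopes.push(sha256hex(appidExclude));
  return (publicKey.excludeCredentials || []).some((cred) =>
    scopes.some((hash) => authenticator.recognizes(cred.id, hash)));
}

// Relying-party side: list the stored U2F key handles in excludeCredentials and
// name the legacy AppID in the extension. Real credential ids are BufferSource
// values; strings are used here to keep the model short.
function creationOptions(legacyKeyHandles, withAppidExclude) {
  return {
    rp: { id: RP_ID, name: "Example RP" },
    excludeCredentials: legacyKeyHandles.map((id) => ({ type: "public-key", id })),
    extensions: withAppidExclude ? { appidExclude: LEGACY_APP_ID } : {},
  };
}
```

In this model a key enrolled over U2F passes the exclusion check unless the relying party sends `appidExclude`, which is the duplicate-enrollment case the extension closes.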