-
Notifications
You must be signed in to change notification settings - Fork 178
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
initial text for compound attestation format
- Loading branch information
1 parent
bd68fbf
commit 11429ca
Showing
1 changed file
with
31 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6206,7 +6206,7 @@ if the [=authenticator=] does not support [=attestation=]. | |
attStmt: emptyMap | ||
) | ||
|
||
emptyMap = {} | ||
compound = {} | ||
``` | ||
|
||
: Signing procedure | ||
|
@@ -6264,6 +6264,36 @@ This attestation statement format is exclusively used by Apple for certain types | |
5. Verify that the [=credential public key=] equals the Subject Public Key of |credCert|. | ||
6. If successful, return implementation-specific values representing attestation type [=Anonymization CA=] and attestation trust path |x5c|. | ||
|
||
## Compound Attestation Statement Format ## {#sctn-compound-attestation} | ||
|
||
The "compound" attestation statement format is used to pass multiple, self-contained attestation statements in a single ceremony. | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
timcappalli
Author
Member
|
||
|
||
: Attestation statement format identifier | ||
:: compound | ||
|
||
: Attestation types supported | ||
:: [=Basic=], [=AttCA=], [=Anonymization CA=] | ||
|
||
: Syntax | ||
:: The syntax of a compound attestation statement is defined as follows: | ||
|
||
``` | ||
$$attStmtType //= ( | ||
fmt: "compound", | ||
attStmt: compoundAttStmts | ||
) | ||
|
||
compoundAttStmts = [] | ||
``` | ||
|
||
`compoundAttStmts` MUST NOT contain additional compound attestation statements. | ||
|
||
: Signing procedure | ||
:: Not applicable | ||
|
||
: Verification procedure | ||
:: For every element in the array, validate the attestation statement based on the verification procedure specified for that format (using the `fmt` identifier). | ||
|
||
# <dfn>WebAuthn Extensions</dfn> # {#sctn-extensions} | ||
|
||
The mechanism for generating [=public key credentials=], as well as requesting and generating Authentication assertions, as | ||
|
Attestation formats might not be self-contained, you could receive several statements that are dependent on the validity of other statements received.