-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add compound
attestation format
#1950
Conversation
Is verification considered successful when all or any attestation statement is valid? |
Good callout, thanks. NOTE: this PR is a draft and is not yet ready for review :) |
2023-09-06 call: don't allow empty lists |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Attestation formats are defined places other than this specification. Therefore, the IANA WebAuthn Attestation Statement Format Identifiers registry should be cited, rather than "this specification".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Co-authored-by: Emil Lundberg <emil@yubico.com>
Co-authored-by: Emil Lundberg <emil@yubico.com>
Co-authored-by: Emil Lundberg <emil@yubico.com>
Clear to merge per chair on last call |
SHA: d9bdee4 Reason: push, by timcappalli Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR defines a new attestation format, named
compound
, which allows for multiple attestation statements to be included in a single ceremony.The primary use case is for passkey providers which need statements about both the key and the app-based provider.
Preview | Diff