Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add compound attestation format #1950

Merged
merged 11 commits into from
Oct 6, 2023
Merged

Add compound attestation format #1950

merged 11 commits into from
Oct 6, 2023

Conversation

timcappalli
Copy link
Member

@timcappalli timcappalli commented Aug 29, 2023

This PR defines a new attestation format, named compound, which allows for multiple attestation statements to be included in a single ceremony.

The primary use case is for passkey providers which need statements about both the key and the app-based provider.


Preview | Diff

@ndpar
Copy link

ndpar commented Aug 29, 2023

Is verification considered successful when all or any attestation statement is valid?

@timcappalli
Copy link
Member Author

timcappalli commented Aug 29, 2023

Good callout, thanks.

NOTE: this PR is a draft and is not yet ready for review :)

@nadalin nadalin added type:technical @Risk Items that are at risk for L3 labels Aug 30, 2023
@timcappalli timcappalli marked this pull request as ready for review September 6, 2023 02:13
index.bs Outdated Show resolved Hide resolved
@timcappalli
Copy link
Member Author

2023-09-06 call: don't allow empty lists

index.bs Outdated Show resolved Hide resolved
Copy link
Contributor

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Attestation formats are defined places other than this specification. Therefore, the IANA WebAuthn Attestation Statement Format Identifiers registry should be cited, rather than "this specification".

index.bs Outdated Show resolved Hide resolved
Copy link
Contributor

@ve7jtb ve7jtb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
Co-authored-by: Emil Lundberg <emil@yubico.com>
Co-authored-by: Emil Lundberg <emil@yubico.com>
index.bs Outdated Show resolved Hide resolved
@timcappalli
Copy link
Member Author

Clear to merge per chair on last call

@timcappalli timcappalli merged commit d9bdee4 into main Oct 6, 2023
1 check passed
@timcappalli timcappalli deleted the tc-att-compound branch October 6, 2023 14:41
github-actions bot added a commit that referenced this pull request Oct 6, 2023
SHA: d9bdee4
Reason: push, by timcappalli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@Risk Items that are at risk for L3 type:technical
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants