Enterprise Attestation
As the title reads, I’m researching how to do enterprise attestation where the device’s serial number is attested to reduce the incidence of spam account creation.
Among other settings, it requires enterprise as the value for credentialCreationData.attestationConveyancePreferenceOption during registration.
I appreciate any insight from the community, and it may turn out this is supported by all good WebAuthn RP and clients by default. I’m not sure.
Issue Analytics
- State:
- Created 3 months ago
- Comments:6
Top GitHub Comments
Also I have an issue to raise, around how the current JSON serialiser is semi-broken, insofar as it doesn’t work with Swagger client code gen without having to make manual changes to the code generated client.
For starters, the Enum attribute names that are linted above each enum value aren’t respected, so what should be “xyz” is “XYZ” causing a lot of extra frontend work to get it working.
I added enterprise as an option in #277. I don’t think there is anything defined for an RP to do with it, it’s more for the client to tell the user that the registration is going to supply the RP with the make/model/serial number of the authenticator, and that the authenticator supply the serial number in the attestation statement so the RP can ensure the user is registering the device with the serial number that was issued to that user.
I’ve never actually seen this kind of flow in action with a WebAuthn server, but this is a common scenario with smart card deployments.