SupportedCtapOptions does not signal absent (not supported) options #382
Comments
Hm. These tri-state option values don't really make sense in the context of the MDS. Take the
This only makes sense as an Looking through the tri-state options, it looks to me like all of them would make sense as definite, binary Boolean values, but the definition of the tri-state values would have to change so that Thanks for bringing this up! I'll raise the issue with our colleagues in the FIDO MDS working group and see where that leads. If the MDS data definition changes to use binary values, then no change to the library may be needed; if the MDS definition remains, we'll have to update the internal parsing logic but should be able to keep the data model unchanged.
Unrelated to the previous reply - please also note that inspecting just the
Thanks, @emlun. Your point about an individual authenticator responding with its current capabilities versus the capabilities of an authenticator model in the MDS makes perfect sense. The text in the MDS spec is perhaps a little confusing around this:
*Maybe it has just confused me, not sure. And, many thanks for the advice on UV. I've been battling with this today, this helps a lot. I'll turn off this registration policy for now, and wait to see what is decided. EDIT: I just realized you already addressed my confusion about the 'authenticatorGetInfo' text in your initial response. Please disregard that.
Hi @emlun, I was just wondering if there were any updates from the WG on this (realising these things take time, so I'm not necessarily expecting there are).
Hi, sorry for not updating. In short the response from the MDS WG is that the MDS data model won't change, so we'll have to adjust the parsing logic in
From the CTAP specs you should be able to tell if an authenticator does not support, say, user verification because the `uv` flag is absent. So there are three states, true and false, which signals the authenticator supports uv, and absent, which signals the authenticator does not support uv.

I assumed this was the same as what is represented in FIDO metadata. Some authenticators have true, some false, and for others it is absent. If that is what it means, I am not sure this is represented in the `SupportedCtapOptions` class, as they are all primitive booleans defaulting to false.
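
The distinction raised in the issue above, as an added example that is not part of the original thread and not the library's code: a primitive `boolean` that defaults to `false` gives the same answer for "`uv` present and false" and "`uv` absent", while an `Optional<Boolean>` keeps the three states apart. The class name, method names, the policy and the sample option maps are all hypothetical, and the reading of the three states follows the issue text.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class TriStateOptionDemo {

    // Lossy model: a primitive boolean cannot represent "absent",
    // so a missing key collapses into false.
    static boolean lossyUv(Map<String, Boolean> options) {
        return options.getOrDefault("uv", false);
    }

    // Tri-state model: empty = key absent (option not supported),
    // true/false = option supported, as the issue describes it.
    static Optional<Boolean> triStateUv(Map<String, Boolean> options) {
        return Optional.ofNullable(options.get("uv"));
    }

    // Hypothetical registration policy: accept only authenticators
    // whose options indicate that user verification is supported.
    static boolean policyAccepts(Map<String, Boolean> options) {
        return triStateUv(options).isPresent();
    }

    public static void main(String[] args) {
        // Constructed sample option maps, not real metadata entries.
        List<Map<String, Boolean>> samples = List.of(
                Map.of("rk", true, "uv", true),   // uv present, true
                Map.of("rk", true, "uv", false),  // uv present, false
                Map.of("rk", true));              // uv absent

        for (Map<String, Boolean> options : samples) {
            System.out.printf("uvKeyPresent=%b lossy=%b triState=%s policyAccepts=%b%n",
                    options.containsKey("uv"),
                    lossyUv(options),
                    triStateUv(options),
                    policyAccepts(options));
        }
    }
}
```

The second and third samples both yield `lossy=false`, so a policy built on the primitive value cannot separate them; the tri-state value yields `Optional[false]` and `Optional.empty`.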