From d21314e3feab91fd35f5550b018a96a919d330b4 Mon Sep 17 00:00:00 2001 From: Emil Lundberg <emil@yubico.com> Date: Wed, 15 Nov 2023 20:13:13 +0000 Subject: [PATCH] Merge pull request #1855 from w3c/issue-1848-challenge-timeout SHA: d4510f85116130c2bb2f2e9f6bd21819db111c51 Reason: push, by emlun Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- index.html | 56 +++++++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/index.html b/index.html index 469e76c02..31d7e393d 100644 --- a/index.html +++ b/index.html @@ -6,7 +6,7 @@ <meta content="ED" name="w3c-status"> <meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator"> <link href="https://www.w3.org/TR/webauthn-3/" rel="canonical"> - <meta content="28d90b20ab307cde506d193ddb466e340804019f" name="document-revision"> + <meta content="d4510f85116130c2bb2f2e9f6bd21819db111c51" name="document-revision"> <style type="text/css"> body { counter-reset: table; @@ -914,7 +914,7 @@ <div class="head"> <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p> <h1>Web Authentication:<br>An API for accessing Public Key Credentials<br>Level 3</h1> - <p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-10-11">11 October 2023</time></p> + <p id="w3c-state"><a href="https://www.w3.org/standards/types#ED">Editor’s Draft</a>, <time class="dt-updated" datetime="2023-11-15">15 November 2023</time></p> <details open> <summary>More details about this document</summary> <div data-fill-with="spec-metadata"> @@ -964,7 +964,7 @@ <h1>Web Authentication:<br>An API for accessing Public Key Credentials<br>Level </div> </details> <div data-fill-with="warning"></div> - <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2023 <a href="https://www.w3.org/">World Wide Web Consortium</a>. <abbr title="World Wide Web Consortium">W3C</abbr><sup>®</sup> <a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/Consortium/Legal/copyright-software" rel="license" title="W3C Software and Document License">permissive document license</a> rules apply. </p> + <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/policies/#copyright">Copyright</a> © 2023 <a href="https://www.w3.org/">World Wide Web Consortium</a>. <abbr title="World Wide Web Consortium">W3C</abbr><sup>®</sup> <a href="https://www.w3.org/policies/#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/policies/#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/copyright/software-license/" rel="license" title="W3C Software and Document License">permissive document license</a> rules apply. </p> <hr title="Separator for header"> </div> <div class="p-summary" data-fill-with="abstract"> @@ -995,7 +995,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="sotd"><span class="content" includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="https://www.w3.org/Consortium/Patent-Policy/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="https://www.w3.org/Consortium/Patent-Policy/#sec-Disclosure">section 6 of the <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>. </p> - <p> This document is governed by the <a href="https://www.w3.org/2023/Process-20230612/" id="w3c_process_revision">12 June 2023 W3C Process Document</a>. </p> + <p> This document is governed by the <a href="https://www.w3.org/2023/Process-20231103/" id="w3c_process_revision">03 November 2023 W3C Process Document</a>. </p> <p></p> </div> <div data-fill-with="at-risk"></div> @@ -1316,7 +1316,11 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2> <li><a href="#sctn-credential-id-privacy-leak"><span class="secno">14.6.3</span> <span class="content">Privacy leak via credential IDs</span></a> </ol> </ol> - <li><a href="#sctn-accessiblility-considerations"><span class="secno">15</span> <span class="content">Accessibility Considerations</span></a> + <li> + <a href="#sctn-accessiblility-considerations"><span class="secno">15</span> <span class="content">Accessibility Considerations</span></a> + <ol class="toc"> + <li><a href="#sctn-timeout-recommended-range"><span class="secno">15.1</span> <span class="content">Recommended Range for Ceremony Timeouts</span></a> + </ol> <li><a href="#sctn-acknowledgements"><span class="secno">16</span> <span class="content">Acknowledgements</span></a> <li> <a href="#index"><span class="secno"></span> <span class="content">Index</span></a> @@ -2610,13 +2614,7 @@ <h4 class="heading settled" data-level="5.1.3" id="sctn-createCredential"><span <p>If <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-timeout" id="ref-for-dom-publickeycredentialcreationoptions-timeout">timeout</a></code></code> is present, check if its value lies within a reasonable range as defined by the <a data-link-type="dfn" href="#client" id="ref-for-client①⑦">client</a> and if not, correct it to the closest value lying within that range. Set a timer <var>lifetimeTimer</var> to this adjusted value. If <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-timeout" id="ref-for-dom-publickeycredentialcreationoptions-timeout①">timeout</a></code></code> is not present, then set <var>lifetimeTimer</var> to a <a data-link-type="dfn" href="#client" id="ref-for-client①⑧">client</a>-specific default.</p> - <p>Recommended ranges and defaults for <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-timeout" id="ref-for-dom-publickeycredentialcreationoptions-timeout②">timeout</a></code></code> are as follows.</p> - <ul> - <li data-md> - <p>Recommended range: 300000 milliseconds to 600000 milliseconds.</p> - <li data-md> - <p>Recommended default value: 300000 milliseconds (5 minutes).</p> - </ul> + <p>See the <a data-link-type="dfn" href="#recommended-range-and-default-for-a-webauthn-ceremony-timeout" id="ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout">recommended range and default for a WebAuthn ceremony timeout</a> for guidance on deciding a reasonable range and default for <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-timeout" id="ref-for-dom-publickeycredentialcreationoptions-timeout②">timeout</a></code></code>.</p> <p class="note" role="note"><span class="marker">Note:</span> The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs.</p> <li data-md> <p>If the length of <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-user" id="ref-for-dom-publickeycredentialcreationoptions-user①">user</a></code>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialuserentity-id" id="ref-for-dom-publickeycredentialuserentity-id①">id</a></code></code> is not between 1 and 64 bytes (inclusive) then throw a <code class="idl"><a data-link-type="idl" href="https://webidl.spec.whatwg.org/#exceptiondef-typeerror" id="ref-for-exceptiondef-typeerror">TypeError</a></code>.</p> @@ -3057,13 +3055,7 @@ <h5 class="heading settled" data-level="5.1.4.1" id="sctn-discover-from-external <p>If <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialrequestoptions-timeout" id="ref-for-dom-publickeycredentialrequestoptions-timeout">timeout</a></code></code> is present, check if its value lies within a reasonable range as defined by the <a data-link-type="dfn" href="#client" id="ref-for-client②②">client</a> and if not, correct it to the closest value lying within that range. Set a timer <var>lifetimeTimer</var> to this adjusted value. If <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialrequestoptions-timeout" id="ref-for-dom-publickeycredentialrequestoptions-timeout①">timeout</a></code></code> is not present, then set <var>lifetimeTimer</var> to a <a data-link-type="dfn" href="#client" id="ref-for-client②③">client</a>-specific default.</p> - <p>Recommended ranges and defaults for <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialrequestoptions-timeout" id="ref-for-dom-publickeycredentialrequestoptions-timeout②">timeout</a></code></code> are as follows.</p> - <ul> - <li data-md> - <p>Recommended range: 300000 milliseconds to 600000 milliseconds.</p> - <li data-md> - <p>Recommended default value: 300000 milliseconds (5 minutes).</p> - </ul> + <p>See the <a data-link-type="dfn" href="#recommended-range-and-default-for-a-webauthn-ceremony-timeout" id="ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout①">recommended range and default for a WebAuthn ceremony timeout</a> for guidance on deciding a reasonable range and default for <code><var>pkOptions</var>.<code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialrequestoptions-timeout" id="ref-for-dom-publickeycredentialrequestoptions-timeout②">timeout</a></code></code>.</p> <p class="note" role="note"><span class="marker">Note:</span> The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs.</p> </ol> <li data-md> @@ -8510,6 +8502,8 @@ <h4 class="heading settled" data-level="13.4.3" id="sctn-cryptographic-challenge upon a client’s behavior, e.g., the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③⑦⑥">Relying Party</a> SHOULD store the challenge temporarily until the operation is complete. Tolerating a mismatch will compromise the security of the protocol.</p> + <p>Challenges SHOULD be valid for a duration similar to the +upper limit of the <a data-link-type="dfn" href="#recommended-range-and-default-for-a-webauthn-ceremony-timeout" id="ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout②">recommended range and default for a WebAuthn ceremony timeout</a>.</p> <p>In order to prevent replay attacks, the challenges MUST contain enough entropy to make guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long.</p> <h4 class="heading settled" data-level="13.4.4" id="sctn-attestation-limitations"><span class="secno">13.4.4. </span><span class="content">Attestation Limitations</span><a class="self-link" href="#sctn-attestation-limitations"></a></h4> @@ -8860,7 +8854,15 @@ <h4 class="heading settled" data-level="14.6.3" id="sctn-credential-id-privacy-l <h2 class="heading settled" data-level="15" id="sctn-accessiblility-considerations"><span class="secno">15. </span><span class="content">Accessibility Considerations</span><a class="self-link" href="#sctn-accessiblility-considerations"></a></h2> <p><a data-link-type="dfn" href="#user-verification" id="ref-for-user-verification⑥③">User verification</a>-capable <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③④⑦">authenticators</a>, whether <a data-link-type="dfn" href="#roaming-authenticators" id="ref-for-roaming-authenticators②⑥">roaming</a> or <a data-link-type="dfn" href="#platform-authenticators" id="ref-for-platform-authenticators③⑤">platform</a>, should offer users more than one user verification method. For example, both fingerprint sensing and PIN entry. This allows for fallback to other user verification means if the selected one is not working for some reason. Note that in the case of <a data-link-type="dfn" href="#roaming-authenticators" id="ref-for-roaming-authenticators②⑦">roaming authenticators</a>, the authenticator and platform might work together to provide a user verification method such as PIN entry <a data-link-type="biblio" href="#biblio-fido-ctap" title="Client to Authenticator Protocol (CTAP)">[FIDO-CTAP]</a>.</p> <p><a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⑤⑨">Relying Parties</a>, at <a data-link-type="dfn" href="#registration" id="ref-for-registration②⑦">registration</a> time, SHOULD provide affordances for users to complete future <a data-link-type="dfn" href="#authorization-gesture" id="ref-for-authorization-gesture③⓪">authorization gestures</a> correctly. This could involve naming the authenticator, choosing a picture to associate with the device, or entering freeform text instructions (e.g., as a reminder-to-self).</p> + <h3 class="heading settled" data-level="15.1" id="sctn-timeout-recommended-range"><span class="secno">15.1. </span><span class="content">Recommended Range for Ceremony Timeouts</span><a class="self-link" href="#sctn-timeout-recommended-range"></a></h3> <p><a data-link-type="dfn" href="#ceremony" id="ref-for-ceremony①⑧">Ceremonies</a> relying on timing, e.g., a <a data-link-type="dfn" href="#registration-ceremony" id="ref-for-registration-ceremony②④">registration ceremony</a> (see <code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialcreationoptions-timeout" id="ref-for-dom-publickeycredentialcreationoptions-timeout④">timeout</a></code>) or an <a data-link-type="dfn" href="#authentication-ceremony" id="ref-for-authentication-ceremony④⑥">authentication ceremony</a> (see <code class="idl"><a data-link-type="idl" href="#dom-publickeycredentialrequestoptions-timeout" id="ref-for-dom-publickeycredentialrequestoptions-timeout④">timeout</a></code>), ought to follow <a data-link-type="biblio" href="#biblio-wcag21" title="Web Content Accessibility Guidelines (WCAG) 2.1">[WCAG21]</a>'s <a href="https://www.w3.org/TR/WCAG21/#enough-time">Guideline 2.2 Enough Time</a>. If a <a data-link-type="dfn" href="#client-platform" id="ref-for-client-platform⑤⑦">client platform</a> determines that a <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⑥⓪">Relying Party</a>-supplied timeout does not appropriately adhere to the latter <a data-link-type="biblio" href="#biblio-wcag21" title="Web Content Accessibility Guidelines (WCAG) 2.1">[WCAG21]</a> guidelines, then the <a data-link-type="dfn" href="#client-platform" id="ref-for-client-platform⑤⑧">client platform</a> MAY adjust the timeout accordingly.</p> + <p>The <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="recommended-range-and-default-for-a-webauthn-ceremony-timeout">recommended range and default for a WebAuthn ceremony timeout</dfn> is as follows:</p> + <ul> + <li data-md> + <p>Recommended range: 300000 milliseconds to 600000 milliseconds.</p> + <li data-md> + <p>Recommended default value: 300000 milliseconds (5 minutes).</p> + </ul> <h2 class="heading settled" data-level="16" id="sctn-acknowledgements"><span class="secno">16. </span><span class="content">Acknowledgements</span><a class="self-link" href="#sctn-acknowledgements"></a></h2> We thank the following people for their reviews of, and contributions to, this specification: Yuriy Ackermann, @@ -9401,6 +9403,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c <li><a href="#dom-registrationresponsejson-rawid">dict-member for RegistrationResponseJSON</a><span>, in § 5.1</span> </ul> <li><a href="#dom-authenticationextensionslargeblobinputs-read">read</a><span>, in § 10.1.5</span> + <li><a href="#recommended-range-and-default-for-a-webauthn-ceremony-timeout">recommended range and default for a WebAuthn ceremony timeout</a><span>, in § 15.1</span> <li><a href="#registration">Registration</a><span>, in § 4</span> <li><a href="#registration-ceremony">Registration Ceremony</a><span>, in § 4</span> <li><a href="#registration-extension">registration extension</a><span>, in § 9</span> @@ -11202,7 +11205,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['attestation-private-key'] = {"dfnID": "attestation-private-key", "url": "#attestation-private-key", "dfnText": "attestation private key", "refSections": [{"refs": [{"id": "ref-for-attestation-private-key"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-attestation-private-key\u2460"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-attestation-private-key\u2461"}], "title": "6.5.4. Attestation Types"}, {"refs": [{"id": "ref-for-attestation-private-key\u2462"}], "title": "8.2. Packed Attestation Statement Format"}, {"refs": [{"id": "ref-for-attestation-private-key\u2463"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-attestation-private-key\u2464"}, {"id": "ref-for-attestation-private-key\u2465"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}, {"refs": [{"id": "ref-for-attestation-private-key\u2466"}, {"id": "ref-for-attestation-private-key\u2467"}, {"id": "ref-for-attestation-private-key\u2468"}], "title": "14.4.1. Attestation Privacy"}], "external": false}; window.dfnpanelData['attestation-public-key'] = {"dfnID": "attestation-public-key", "url": "#attestation-public-key", "dfnText": "attestation public key", "refSections": [{"refs": [{"id": "ref-for-attestation-public-key"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-attestation-public-key\u2460"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}], "external": false}; window.dfnpanelData['authentication'] = {"dfnID": "authentication", "url": "#authentication", "dfnText": "Authentication", "refSections": [{"refs": [{"id": "ref-for-authentication"}, {"id": "ref-for-authentication\u2460"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-authentication\u2461"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-authentication\u2462"}, {"id": "ref-for-authentication\u2463"}, {"id": "ref-for-authentication\u2464"}, {"id": "ref-for-authentication\u2465"}, {"id": "ref-for-authentication\u2466"}, {"id": "ref-for-authentication\u2467"}, {"id": "ref-for-authentication\u2468"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-authentication\u2460\u24ea"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-authentication\u2460\u2460"}, {"id": "ref-for-authentication\u2460\u2461"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-authentication\u2460\u2462"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-authentication\u2460\u2463"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-authentication\u2460\u2464"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-authentication\u2460\u2465"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-authentication\u2460\u2466"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-authentication\u2460\u2467"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-authentication\u2460\u2468"}], "title": "16. Acknowledgements"}], "external": false}; -window.dfnpanelData['authentication-ceremony'] = {"dfnID": "authentication-ceremony", "url": "#authentication-ceremony", "dfnText": "Authentication Ceremony", "refSections": [{"refs": [{"id": "ref-for-authentication-ceremony"}, {"id": "ref-for-authentication-ceremony\u2460"}, {"id": "ref-for-authentication-ceremony\u2461"}, {"id": "ref-for-authentication-ceremony\u2462"}, {"id": "ref-for-authentication-ceremony\u2463"}, {"id": "ref-for-authentication-ceremony\u2464"}, {"id": "ref-for-authentication-ceremony\u2465"}, {"id": "ref-for-authentication-ceremony\u2466"}, {"id": "ref-for-authentication-ceremony\u2467"}, {"id": "ref-for-authentication-ceremony\u2468"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u24ea"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2460"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2461"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2462"}, {"id": "ref-for-authentication-ceremony\u2460\u2463"}, {"id": "ref-for-authentication-ceremony\u2460\u2464"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2465"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2466"}, {"id": "ref-for-authentication-ceremony\u2460\u2467"}, {"id": "ref-for-authentication-ceremony\u2460\u2468"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u24ea"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2460"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2461"}, {"id": "ref-for-authentication-ceremony\u2461\u2462"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2463"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2464"}, {"id": "ref-for-authentication-ceremony\u2461\u2465"}, {"id": "ref-for-authentication-ceremony\u2461\u2466"}, {"id": "ref-for-authentication-ceremony\u2461\u2467"}, {"id": "ref-for-authentication-ceremony\u2461\u2468"}, {"id": "ref-for-authentication-ceremony\u2462\u24ea"}, {"id": "ref-for-authentication-ceremony\u2462\u2460"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2461"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2462"}, {"id": "ref-for-authentication-ceremony\u2462\u2463"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2464"}, {"id": "ref-for-authentication-ceremony\u2462\u2465"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2466"}], "title": "14.4.2. Privacy of personally identifying information Stored in Authenticators"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2467"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2468"}, {"id": "ref-for-authentication-ceremony\u2463\u24ea"}, {"id": "ref-for-authentication-ceremony\u2463\u2460"}, {"id": "ref-for-authentication-ceremony\u2463\u2461"}, {"id": "ref-for-authentication-ceremony\u2463\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2463\u2463"}, {"id": "ref-for-authentication-ceremony\u2463\u2464"}], "title": "14.6.3. Privacy leak via credential IDs"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2463\u2465"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['authentication-ceremony'] = {"dfnID": "authentication-ceremony", "url": "#authentication-ceremony", "dfnText": "Authentication Ceremony", "refSections": [{"refs": [{"id": "ref-for-authentication-ceremony"}, {"id": "ref-for-authentication-ceremony\u2460"}, {"id": "ref-for-authentication-ceremony\u2461"}, {"id": "ref-for-authentication-ceremony\u2462"}, {"id": "ref-for-authentication-ceremony\u2463"}, {"id": "ref-for-authentication-ceremony\u2464"}, {"id": "ref-for-authentication-ceremony\u2465"}, {"id": "ref-for-authentication-ceremony\u2466"}, {"id": "ref-for-authentication-ceremony\u2467"}, {"id": "ref-for-authentication-ceremony\u2468"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u24ea"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2460"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2461"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2462"}, {"id": "ref-for-authentication-ceremony\u2460\u2463"}, {"id": "ref-for-authentication-ceremony\u2460\u2464"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2465"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2460\u2466"}, {"id": "ref-for-authentication-ceremony\u2460\u2467"}, {"id": "ref-for-authentication-ceremony\u2460\u2468"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u24ea"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2460"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2461"}, {"id": "ref-for-authentication-ceremony\u2461\u2462"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2463"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2461\u2464"}, {"id": "ref-for-authentication-ceremony\u2461\u2465"}, {"id": "ref-for-authentication-ceremony\u2461\u2466"}, {"id": "ref-for-authentication-ceremony\u2461\u2467"}, {"id": "ref-for-authentication-ceremony\u2461\u2468"}, {"id": "ref-for-authentication-ceremony\u2462\u24ea"}, {"id": "ref-for-authentication-ceremony\u2462\u2460"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2461"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2462"}, {"id": "ref-for-authentication-ceremony\u2462\u2463"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2464"}, {"id": "ref-for-authentication-ceremony\u2462\u2465"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2466"}], "title": "14.4.2. Privacy of personally identifying information Stored in Authenticators"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2467"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2462\u2468"}, {"id": "ref-for-authentication-ceremony\u2463\u24ea"}, {"id": "ref-for-authentication-ceremony\u2463\u2460"}, {"id": "ref-for-authentication-ceremony\u2463\u2461"}, {"id": "ref-for-authentication-ceremony\u2463\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2463\u2463"}, {"id": "ref-for-authentication-ceremony\u2463\u2464"}], "title": "14.6.3. Privacy leak via credential IDs"}, {"refs": [{"id": "ref-for-authentication-ceremony\u2463\u2465"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['authentication-assertion'] = {"dfnID": "authentication-assertion", "url": "#authentication-assertion", "dfnText": "Authentication Assertion", "refSections": [{"refs": [{"id": "ref-for-authentication-assertion"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460"}, {"id": "ref-for-authentication-assertion\u2461"}, {"id": "ref-for-authentication-assertion\u2462"}, {"id": "ref-for-authentication-assertion\u2463"}, {"id": "ref-for-authentication-assertion\u2464"}, {"id": "ref-for-authentication-assertion\u2465"}, {"id": "ref-for-authentication-assertion\u2466"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-authentication-assertion\u2467"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-authentication-assertion\u2468"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u24ea"}], "title": "5.2.1.1. Easily accessing credential data"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2460"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2461"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2462"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2463"}, {"id": "ref-for-authentication-assertion\u2460\u2464"}], "title": "13.2. Physical Proximity between Client and Authenticator"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2465"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-authentication-assertion\u2460\u2466"}], "title": "13.4.8. Code injection attacks"}], "external": false}; window.dfnpanelData['assertion'] = {"dfnID": "assertion", "url": "#assertion", "dfnText": "Assertion", "refSections": [{"refs": [{"id": "ref-for-assertion"}, {"id": "ref-for-assertion\u2460"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-assertion\u2461"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-assertion\u2462"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-assertion\u2463"}, {"id": "ref-for-assertion\u2464"}], "title": "6.5.1. Attestation in assertions"}, {"refs": [{"id": "ref-for-assertion\u2465"}, {"id": "ref-for-assertion\u2466"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-assertion\u2467"}, {"id": "ref-for-assertion\u2468"}, {"id": "ref-for-assertion\u2460\u24ea"}, {"id": "ref-for-assertion\u2460\u2460"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-assertion\u2460\u2461"}, {"id": "ref-for-assertion\u2460\u2462"}], "title": "10.2.2.1. Relying Party Usage"}, {"refs": [{"id": "ref-for-assertion\u2460\u2463"}], "title": "13.1. Credential ID Unsigned"}, {"refs": [{"id": "ref-for-assertion\u2460\u2464"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-assertion\u2460\u2465"}], "title": "14.3. Authenticator-local Biometric Recognition"}], "external": false}; window.dfnpanelData['authenticator'] = {"dfnID": "authenticator", "url": "#authenticator", "dfnText": "Authenticator", "refSections": [{"refs": [{"id": "ref-for-authenticator\u2464"}, {"id": "ref-for-authenticator\u2465"}, {"id": "ref-for-authenticator\u2466"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-authenticator\u2467"}, {"id": "ref-for-authenticator\u2468"}, {"id": "ref-for-authenticator\u2460\u24ea"}, {"id": "ref-for-authenticator\u2460\u2460"}, {"id": "ref-for-authenticator\u2460\u2461"}, {"id": "ref-for-authenticator\u2460\u2462"}, {"id": "ref-for-authenticator\u2460\u2463"}, {"id": "ref-for-authenticator\u2460\u2464"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2465"}], "title": "1.2. Use Cases"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2466"}], "title": "1.2.3. New Device Registration"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2467"}, {"id": "ref-for-authenticator\u2460\u2468"}, {"id": "ref-for-authenticator\u2461\u24ea"}, {"id": "ref-for-authenticator\u2461\u2460"}], "title": "1.3.5. Decommissioning"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2461"}], "title": "2.2.1. Backwards Compatibility with FIDO U2F"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462"}, {"id": "ref-for-authenticator\u2461\u2463"}, {"id": "ref-for-authenticator\u2461\u2464"}, {"id": "ref-for-authenticator\u2461\u2465"}, {"id": "ref-for-authenticator\u2461\u2466"}, {"id": "ref-for-authenticator\u2461\u2467"}, {"id": "ref-for-authenticator\u2461\u2468"}, {"id": "ref-for-authenticator\u2462\u24ea"}, {"id": "ref-for-authenticator\u2462\u2460"}, {"id": "ref-for-authenticator\u2462\u2461"}, {"id": "ref-for-authenticator\u2462\u2462"}, {"id": "ref-for-authenticator\u2462\u2463"}, {"id": "ref-for-authenticator\u2462\u2464"}, {"id": "ref-for-authenticator\u2462\u2465"}, {"id": "ref-for-authenticator\u2462\u2466"}, {"id": "ref-for-authenticator\u2462\u2467"}, {"id": "ref-for-authenticator\u2462\u2468"}, {"id": "ref-for-authenticator\u2463\u24ea"}, {"id": "ref-for-authenticator\u2463\u2460"}, {"id": "ref-for-authenticator\u2463\u2461"}, {"id": "ref-for-authenticator\u2463\u2462"}, {"id": "ref-for-authenticator\u2463\u2463"}, {"id": "ref-for-authenticator\u2463\u2464"}, {"id": "ref-for-authenticator\u2463\u2465"}, {"id": "ref-for-authenticator\u2463\u2466"}, {"id": "ref-for-authenticator\u2463\u2467"}, {"id": "ref-for-authenticator\u2463\u2468"}, {"id": "ref-for-authenticator\u2464\u24ea"}, {"id": "ref-for-authenticator\u2464\u2460"}, {"id": "ref-for-authenticator\u2464\u2461"}, {"id": "ref-for-authenticator\u2464\u2462"}, {"id": "ref-for-authenticator\u2464\u2463"}, {"id": "ref-for-authenticator\u2464\u2464"}, {"id": "ref-for-authenticator\u2464\u2465"}, {"id": "ref-for-authenticator\u2464\u2466"}, {"id": "ref-for-authenticator\u2464\u2467"}, {"id": "ref-for-authenticator\u2464\u2468"}, {"id": "ref-for-authenticator\u2465\u24ea"}, {"id": "ref-for-authenticator\u2465\u2460"}, {"id": "ref-for-authenticator\u2465\u2461"}, {"id": "ref-for-authenticator\u2465\u2462"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-authenticator\u2465\u2463"}, {"id": "ref-for-authenticator\u2465\u2464"}, {"id": "ref-for-authenticator\u2465\u2465"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-authenticator\u2465\u2466"}, {"id": "ref-for-authenticator\u2465\u2467"}, {"id": "ref-for-authenticator\u2465\u2468"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-authenticator\u2466\u24ea"}, {"id": "ref-for-authenticator\u2466\u2460"}, {"id": "ref-for-authenticator\u2466\u2461"}, {"id": "ref-for-authenticator\u2466\u2462"}, {"id": "ref-for-authenticator\u2466\u2463"}, {"id": "ref-for-authenticator\u2466\u2464"}, {"id": "ref-for-authenticator\u2466\u2465"}, {"id": "ref-for-authenticator\u2466\u2466"}, {"id": "ref-for-authenticator\u2466\u2467"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-authenticator\u2466\u2468"}, {"id": "ref-for-authenticator\u2467\u24ea"}, {"id": "ref-for-authenticator\u2467\u2460"}, {"id": "ref-for-authenticator\u2467\u2461"}, {"id": "ref-for-authenticator\u2467\u2462"}, {"id": "ref-for-authenticator\u2467\u2463"}, {"id": "ref-for-authenticator\u2467\u2464"}, {"id": "ref-for-authenticator\u2467\u2465"}, {"id": "ref-for-authenticator\u2467\u2466"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-authenticator\u2467\u2467"}, {"id": "ref-for-authenticator\u2467\u2468"}, {"id": "ref-for-authenticator\u2468\u24ea"}, {"id": "ref-for-authenticator\u2468\u2460"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-authenticator\u2468\u2461"}], "title": "5.2. Authenticator Responses (interface AuthenticatorResponse)"}, {"refs": [{"id": "ref-for-authenticator\u2468\u2462"}, {"id": "ref-for-authenticator\u2468\u2463"}, {"id": "ref-for-authenticator\u2468\u2464"}], "title": "5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)"}, {"refs": [{"id": "ref-for-authenticator\u2468\u2465"}, {"id": "ref-for-authenticator\u2468\u2466"}], "title": "5.2.1.1. Easily accessing credential data"}, {"refs": [{"id": "ref-for-authenticator\u2468\u2467"}, {"id": "ref-for-authenticator\u2468\u2468"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u24ea\u24ea"}, {"id": "ref-for-authenticator\u2460\u24ea\u2460"}, {"id": "ref-for-authenticator\u2460\u24ea\u2461"}, {"id": "ref-for-authenticator\u2460\u24ea\u2462"}, {"id": "ref-for-authenticator\u2460\u24ea\u2463"}, {"id": "ref-for-authenticator\u2460\u24ea\u2464"}, {"id": "ref-for-authenticator\u2460\u24ea\u2465"}, {"id": "ref-for-authenticator\u2460\u24ea\u2466"}, {"id": "ref-for-authenticator\u2460\u24ea\u2467"}, {"id": "ref-for-authenticator\u2460\u24ea\u2468"}, {"id": "ref-for-authenticator\u2460\u2460\u24ea"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2460"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2461"}, {"id": "ref-for-authenticator\u2460\u2460\u2462"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2463"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2464"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2465"}, {"id": "ref-for-authenticator\u2460\u2460\u2466"}, {"id": "ref-for-authenticator\u2460\u2460\u2467"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2460\u2468"}, {"id": "ref-for-authenticator\u2460\u2461\u24ea"}, {"id": "ref-for-authenticator\u2460\u2461\u2460"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2461\u2461"}, {"id": "ref-for-authenticator\u2460\u2461\u2462"}, {"id": "ref-for-authenticator\u2460\u2461\u2463"}, {"id": "ref-for-authenticator\u2460\u2461\u2464"}, {"id": "ref-for-authenticator\u2460\u2461\u2465"}, {"id": "ref-for-authenticator\u2460\u2461\u2466"}, {"id": "ref-for-authenticator\u2460\u2461\u2467"}, {"id": "ref-for-authenticator\u2460\u2461\u2468"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2462\u24ea"}], "title": "5.7.3. Authentication Extensions Authenticator Inputs (CDDL type AuthenticationExtensionsAuthenticatorInputs)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2462\u2460"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2462\u2461"}, {"id": "ref-for-authenticator\u2460\u2462\u2462"}, {"id": "ref-for-authenticator\u2460\u2462\u2463"}, {"id": "ref-for-authenticator\u2460\u2462\u2464"}, {"id": "ref-for-authenticator\u2460\u2462\u2465"}, {"id": "ref-for-authenticator\u2460\u2462\u2466"}, {"id": "ref-for-authenticator\u2460\u2462\u2467"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2462\u2468"}, {"id": "ref-for-authenticator\u2460\u2463\u24ea"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2463\u2460"}, {"id": "ref-for-authenticator\u2460\u2463\u2461"}, {"id": "ref-for-authenticator\u2460\u2463\u2462"}, {"id": "ref-for-authenticator\u2460\u2463\u2463"}, {"id": "ref-for-authenticator\u2460\u2463\u2464"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2463\u2465"}, {"id": "ref-for-authenticator\u2460\u2463\u2466"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2463\u2467"}, {"id": "ref-for-authenticator\u2460\u2463\u2468"}, {"id": "ref-for-authenticator\u2460\u2464\u24ea"}, {"id": "ref-for-authenticator\u2460\u2464\u2460"}, {"id": "ref-for-authenticator\u2460\u2464\u2461"}, {"id": "ref-for-authenticator\u2460\u2464\u2462"}, {"id": "ref-for-authenticator\u2460\u2464\u2463"}, {"id": "ref-for-authenticator\u2460\u2464\u2464"}], "title": "6.1.3. Credential Backup State"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2464\u2465"}, {"id": "ref-for-authenticator\u2460\u2464\u2466"}, {"id": "ref-for-authenticator\u2460\u2464\u2467"}, {"id": "ref-for-authenticator\u2460\u2464\u2468"}, {"id": "ref-for-authenticator\u2460\u2465\u24ea"}, {"id": "ref-for-authenticator\u2460\u2465\u2460"}], "title": "6.2. Authenticator Taxonomy"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2465\u2461"}, {"id": "ref-for-authenticator\u2460\u2465\u2462"}, {"id": "ref-for-authenticator\u2460\u2465\u2463"}, {"id": "ref-for-authenticator\u2460\u2465\u2464"}, {"id": "ref-for-authenticator\u2460\u2465\u2465"}, {"id": "ref-for-authenticator\u2460\u2465\u2466"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2465\u2467"}, {"id": "ref-for-authenticator\u2460\u2465\u2468"}, {"id": "ref-for-authenticator\u2460\u2466\u24ea"}, {"id": "ref-for-authenticator\u2460\u2466\u2460"}, {"id": "ref-for-authenticator\u2460\u2466\u2461"}, {"id": "ref-for-authenticator\u2460\u2466\u2462"}, {"id": "ref-for-authenticator\u2460\u2466\u2463"}, {"id": "ref-for-authenticator\u2460\u2466\u2464"}, {"id": "ref-for-authenticator\u2460\u2466\u2465"}, {"id": "ref-for-authenticator\u2460\u2466\u2466"}, {"id": "ref-for-authenticator\u2460\u2466\u2467"}, {"id": "ref-for-authenticator\u2460\u2466\u2468"}, {"id": "ref-for-authenticator\u2460\u2467\u24ea"}, {"id": "ref-for-authenticator\u2460\u2467\u2460"}, {"id": "ref-for-authenticator\u2460\u2467\u2461"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2467\u2462"}, {"id": "ref-for-authenticator\u2460\u2467\u2463"}, {"id": "ref-for-authenticator\u2460\u2467\u2464"}, {"id": "ref-for-authenticator\u2460\u2467\u2465"}, {"id": "ref-for-authenticator\u2460\u2467\u2466"}, {"id": "ref-for-authenticator\u2460\u2467\u2467"}, {"id": "ref-for-authenticator\u2460\u2467\u2468"}, {"id": "ref-for-authenticator\u2460\u2468\u24ea"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2468\u2460"}], "title": "6.3.1. Lookup Credential Source by Credential ID Algorithm"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2468\u2461"}, {"id": "ref-for-authenticator\u2460\u2468\u2462"}, {"id": "ref-for-authenticator\u2460\u2468\u2463"}, {"id": "ref-for-authenticator\u2460\u2468\u2464"}, {"id": "ref-for-authenticator\u2460\u2468\u2465"}, {"id": "ref-for-authenticator\u2460\u2468\u2466"}, {"id": "ref-for-authenticator\u2460\u2468\u2467"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-authenticator\u2460\u2468\u2468"}, {"id": "ref-for-authenticator\u2461\u24ea\u24ea"}, {"id": "ref-for-authenticator\u2461\u24ea\u2460"}, {"id": "ref-for-authenticator\u2461\u24ea\u2461"}, {"id": "ref-for-authenticator\u2461\u24ea\u2462"}, {"id": "ref-for-authenticator\u2461\u24ea\u2463"}], "title": "6.3.3. The authenticatorGetAssertion Operation"}, {"refs": [{"id": "ref-for-authenticator\u2461\u24ea\u2464"}, {"id": "ref-for-authenticator\u2461\u24ea\u2465"}], "title": "6.3.5. The silentCredentialDiscovery operation"}, {"refs": [{"id": "ref-for-authenticator\u2461\u24ea\u2466"}, {"id": "ref-for-authenticator\u2461\u24ea\u2467"}], "title": "6.4.1. String Truncation"}, {"refs": [{"id": "ref-for-authenticator\u2461\u24ea\u2468"}], "title": "6.4.2. Language and Direction Encoding"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2460\u24ea"}, {"id": "ref-for-authenticator\u2461\u2460\u2460"}, {"id": "ref-for-authenticator\u2461\u2460\u2461"}, {"id": "ref-for-authenticator\u2461\u2460\u2462"}, {"id": "ref-for-authenticator\u2461\u2460\u2463"}, {"id": "ref-for-authenticator\u2461\u2460\u2464"}, {"id": "ref-for-authenticator\u2461\u2460\u2465"}, {"id": "ref-for-authenticator\u2461\u2460\u2466"}, {"id": "ref-for-authenticator\u2461\u2460\u2467"}, {"id": "ref-for-authenticator\u2461\u2460\u2468"}, {"id": "ref-for-authenticator\u2461\u2461\u24ea"}, {"id": "ref-for-authenticator\u2461\u2461\u2460"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2461\u2461"}], "title": "6.5.3. Attestation Statement Formats"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2461\u2462"}, {"id": "ref-for-authenticator\u2461\u2461\u2463"}, {"id": "ref-for-authenticator\u2461\u2461\u2464"}, {"id": "ref-for-authenticator\u2461\u2461\u2465"}, {"id": "ref-for-authenticator\u2461\u2461\u2466"}, {"id": "ref-for-authenticator\u2461\u2461\u2467"}], "title": "6.5.4. Attestation Types"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2461\u2468"}], "title": "6.5.5. Generating an Attestation Object"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u24ea"}, {"id": "ref-for-authenticator\u2461\u2462\u2460"}], "title": "6.5.6. Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2461"}, {"id": "ref-for-authenticator\u2461\u2462\u2462"}, {"id": "ref-for-authenticator\u2461\u2462\u2463"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2464"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2465"}], "title": "8.2. Packed Attestation Statement Format"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2466"}], "title": "8.4. Android Key Attestation Statement Format"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2467"}], "title": "8.5. Android SafetyNet Attestation Statement Format"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2462\u2468"}, {"id": "ref-for-authenticator\u2461\u2463\u24ea"}, {"id": "ref-for-authenticator\u2461\u2463\u2460"}], "title": "8.7. None Attestation Statement Format"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2463\u2461"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2463\u2462"}, {"id": "ref-for-authenticator\u2461\u2463\u2463"}, {"id": "ref-for-authenticator\u2461\u2463\u2464"}, {"id": "ref-for-authenticator\u2461\u2463\u2465"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2463\u2466"}, {"id": "ref-for-authenticator\u2461\u2463\u2467"}, {"id": "ref-for-authenticator\u2461\u2463\u2468"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2464\u24ea"}, {"id": "ref-for-authenticator\u2461\u2464\u2460"}, {"id": "ref-for-authenticator\u2461\u2464\u2461"}, {"id": "ref-for-authenticator\u2461\u2464\u2462"}], "title": "10.1.5. Large blob storage extension (largeBlob)"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2464\u2463"}], "title": "10.2.1. User Verification Method Extension (uvm)"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2464\u2464"}, {"id": "ref-for-authenticator\u2461\u2464\u2465"}, {"id": "ref-for-authenticator\u2461\u2464\u2466"}], "title": "10.2.2. Device-bound public key extension (devicePubKey)"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2464\u2467"}, {"id": "ref-for-authenticator\u2461\u2464\u2468"}, {"id": "ref-for-authenticator\u2461\u2465\u24ea"}], "title": "10.2.2.1. Relying Party Usage"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2465\u2460"}, {"id": "ref-for-authenticator\u2461\u2465\u2461"}, {"id": "ref-for-authenticator\u2461\u2465\u2462"}, {"id": "ref-for-authenticator\u2461\u2465\u2463"}, {"id": "ref-for-authenticator\u2461\u2465\u2464"}, {"id": "ref-for-authenticator\u2461\u2465\u2465"}, {"id": "ref-for-authenticator\u2461\u2465\u2466"}, {"id": "ref-for-authenticator\u2461\u2465\u2467"}, {"id": "ref-for-authenticator\u2461\u2465\u2468"}, {"id": "ref-for-authenticator\u2461\u2466\u24ea"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2466\u2460"}, {"id": "ref-for-authenticator\u2461\u2466\u2461"}, {"id": "ref-for-authenticator\u2461\u2466\u2462"}, {"id": "ref-for-authenticator\u2461\u2466\u2463"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2466\u2464"}], "title": "13.1. Credential ID Unsigned"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2466\u2465"}, {"id": "ref-for-authenticator\u2461\u2466\u2466"}, {"id": "ref-for-authenticator\u2461\u2466\u2467"}, {"id": "ref-for-authenticator\u2461\u2466\u2468"}, {"id": "ref-for-authenticator\u2461\u2467\u24ea"}, {"id": "ref-for-authenticator\u2461\u2467\u2460"}, {"id": "ref-for-authenticator\u2461\u2467\u2461"}, {"id": "ref-for-authenticator\u2461\u2467\u2462"}, {"id": "ref-for-authenticator\u2461\u2467\u2463"}, {"id": "ref-for-authenticator\u2461\u2467\u2464"}], "title": "13.2. Physical Proximity between Client and Authenticator"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2467\u2465"}], "title": "13.3. Security considerations for authenticators "}, {"refs": [{"id": "ref-for-authenticator\u2461\u2467\u2466"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2467\u2467"}, {"id": "ref-for-authenticator\u2461\u2467\u2468"}, {"id": "ref-for-authenticator\u2461\u2468\u24ea"}, {"id": "ref-for-authenticator\u2461\u2468\u2460"}, {"id": "ref-for-authenticator\u2461\u2468\u2461"}, {"id": "ref-for-authenticator\u2461\u2468\u2462"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-authenticator\u2461\u2468\u2463"}, {"id": "ref-for-authenticator\u2461\u2468\u2464"}, {"id": "ref-for-authenticator\u2461\u2468\u2465"}, {"id": "ref-for-authenticator\u2461\u2468\u2466"}, {"id": "ref-for-authenticator\u2461\u2468\u2467"}, {"id": "ref-for-authenticator\u2461\u2468\u2468"}, {"id": "ref-for-authenticator\u2462\u24ea\u24ea"}, {"id": "ref-for-authenticator\u2462\u24ea\u2460"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-authenticator\u2462\u24ea\u2461"}], "title": "13.4.5. Revoked Attestation Certificates"}, {"refs": [{"id": "ref-for-authenticator\u2462\u24ea\u2462"}, {"id": "ref-for-authenticator\u2462\u24ea\u2463"}, {"id": "ref-for-authenticator\u2462\u24ea\u2464"}, {"id": "ref-for-authenticator\u2462\u24ea\u2465"}, {"id": "ref-for-authenticator\u2462\u24ea\u2466"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-authenticator\u2462\u24ea\u2467"}], "title": "13.4.9. Validating the origin of a credential"}, {"refs": [{"id": "ref-for-authenticator\u2462\u24ea\u2468"}], "title": "14. Privacy Considerations"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2460\u24ea"}, {"id": "ref-for-authenticator\u2462\u2460\u2460"}, {"id": "ref-for-authenticator\u2462\u2460\u2461"}, {"id": "ref-for-authenticator\u2462\u2460\u2462"}, {"id": "ref-for-authenticator\u2462\u2460\u2463"}, {"id": "ref-for-authenticator\u2462\u2460\u2464"}, {"id": "ref-for-authenticator\u2462\u2460\u2465"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2460\u2466"}, {"id": "ref-for-authenticator\u2462\u2460\u2467"}, {"id": "ref-for-authenticator\u2462\u2460\u2468"}, {"id": "ref-for-authenticator\u2462\u2461\u24ea"}, {"id": "ref-for-authenticator\u2462\u2461\u2460"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2461\u2461"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2461\u2462"}], "title": "14.4. Privacy considerations for authenticators"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2461\u2463"}, {"id": "ref-for-authenticator\u2462\u2461\u2464"}, {"id": "ref-for-authenticator\u2462\u2461\u2465"}, {"id": "ref-for-authenticator\u2462\u2461\u2466"}, {"id": "ref-for-authenticator\u2462\u2461\u2467"}], "title": "14.4.1. Attestation Privacy"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2461\u2468"}, {"id": "ref-for-authenticator\u2462\u2462\u24ea"}, {"id": "ref-for-authenticator\u2462\u2462\u2460"}, {"id": "ref-for-authenticator\u2462\u2462\u2461"}, {"id": "ref-for-authenticator\u2462\u2462\u2462"}, {"id": "ref-for-authenticator\u2462\u2462\u2463"}, {"id": "ref-for-authenticator\u2462\u2462\u2464"}], "title": "14.4.2. Privacy of personally identifying information Stored in Authenticators"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2462\u2465"}, {"id": "ref-for-authenticator\u2462\u2462\u2466"}, {"id": "ref-for-authenticator\u2462\u2462\u2467"}, {"id": "ref-for-authenticator\u2462\u2462\u2468"}, {"id": "ref-for-authenticator\u2462\u2463\u24ea"}, {"id": "ref-for-authenticator\u2462\u2463\u2460"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2463\u2461"}], "title": "14.6.1. User Handle Contents"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2463\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2463\u2463"}, {"id": "ref-for-authenticator\u2462\u2463\u2464"}, {"id": "ref-for-authenticator\u2462\u2463\u2465"}], "title": "14.6.3. Privacy leak via credential IDs"}, {"refs": [{"id": "ref-for-authenticator\u2462\u2463\u2466"}], "title": "15. Accessibility Considerations"}], "external": false}; @@ -11219,12 +11222,12 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['bound-credential'] = {"dfnID": "bound-credential", "url": "#bound-credential", "dfnText": "Bound credential", "refSections": [{"refs": [{"id": "ref-for-bound-credential\u2460"}, {"id": "ref-for-bound-credential\u2461"}, {"id": "ref-for-bound-credential\u2462"}, {"id": "ref-for-bound-credential\u2463"}, {"id": "ref-for-bound-credential\u2464"}, {"id": "ref-for-bound-credential\u2465"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-bound-credential\u2466"}, {"id": "ref-for-bound-credential\u2467"}, {"id": "ref-for-bound-credential\u2468"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-bound-credential\u2460\u24ea"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-bound-credential\u2460\u2460"}, {"id": "ref-for-bound-credential\u2460\u2461"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-bound-credential\u2460\u2462"}, {"id": "ref-for-bound-credential\u2460\u2463"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-bound-credential\u2460\u2464"}, {"id": "ref-for-bound-credential\u2460\u2465"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-bound-credential\u2460\u2466"}], "title": "14.5.1. Registration Ceremony Privacy"}], "external": false}; window.dfnpanelData['contains'] = {"dfnID": "contains", "url": "#contains", "dfnText": "contains", "refSections": [{"refs": [{"id": "ref-for-contains"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-contains\u2460"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-contains\u2461"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}], "external": false}; window.dfnpanelData['created-on'] = {"dfnID": "created-on", "url": "#created-on", "dfnText": "created on", "refSections": [{"refs": [{"id": "ref-for-created-on"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-created-on\u2460"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}], "external": false}; -window.dfnpanelData['ceremony'] = {"dfnID": "ceremony", "url": "#ceremony", "dfnText": "Ceremony", "refSections": [{"refs": [{"id": "ref-for-ceremony"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-ceremony\u2460"}, {"id": "ref-for-ceremony\u2461"}, {"id": "ref-for-ceremony\u2462"}, {"id": "ref-for-ceremony\u2463"}, {"id": "ref-for-ceremony\u2464"}, {"id": "ref-for-ceremony\u2465"}, {"id": "ref-for-ceremony\u2466"}, {"id": "ref-for-ceremony\u2467"}, {"id": "ref-for-ceremony\u2468"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-ceremony\u2460\u24ea"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2460"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2461"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2462"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2463"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2464"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2465"}, {"id": "ref-for-ceremony\u2460\u2466"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2467"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['ceremony'] = {"dfnID": "ceremony", "url": "#ceremony", "dfnText": "Ceremony", "refSections": [{"refs": [{"id": "ref-for-ceremony"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-ceremony\u2460"}, {"id": "ref-for-ceremony\u2461"}, {"id": "ref-for-ceremony\u2462"}, {"id": "ref-for-ceremony\u2463"}, {"id": "ref-for-ceremony\u2464"}, {"id": "ref-for-ceremony\u2465"}, {"id": "ref-for-ceremony\u2466"}, {"id": "ref-for-ceremony\u2467"}, {"id": "ref-for-ceremony\u2468"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-ceremony\u2460\u24ea"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2460"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2461"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2462"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2463"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2464"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2465"}, {"id": "ref-for-ceremony\u2460\u2466"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-ceremony\u2460\u2467"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['client'] = {"dfnID": "client", "url": "#client", "dfnText": "Client", "refSections": [{"refs": [{"id": "ref-for-client"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-client\u2460"}, {"id": "ref-for-client\u2461"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-client\u2462"}, {"id": "ref-for-client\u2463"}, {"id": "ref-for-client\u2464"}], "title": "1.3.3. Authentication"}, {"refs": [{"id": "ref-for-client\u2465"}, {"id": "ref-for-client\u2466"}, {"id": "ref-for-client\u2467"}, {"id": "ref-for-client\u2468"}, {"id": "ref-for-client\u2460\u24ea"}, {"id": "ref-for-client\u2460\u2460"}, {"id": "ref-for-client\u2460\u2461"}, {"id": "ref-for-client\u2460\u2462"}, {"id": "ref-for-client\u2460\u2463"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client\u2460\u2464"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-client\u2460\u2465"}, {"id": "ref-for-client\u2460\u2466"}, {"id": "ref-for-client\u2460\u2467"}, {"id": "ref-for-client\u2460\u2468"}, {"id": "ref-for-client\u2461\u24ea"}, {"id": "ref-for-client\u2461\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client\u2461\u2461"}, {"id": "ref-for-client\u2461\u2462"}, {"id": "ref-for-client\u2461\u2463"}, {"id": "ref-for-client\u2461\u2464"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client\u2461\u2465"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-client\u2461\u2466"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client\u2461\u2467"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client\u2461\u2468"}, {"id": "ref-for-client\u2462\u24ea"}, {"id": "ref-for-client\u2462\u2460"}], "title": "5.1.9. Deserialize Registration ceremony options - PublicKeyCredential\u2019s parseCreationOptionsFromJSON() Method"}, {"refs": [{"id": "ref-for-client\u2462\u2461"}, {"id": "ref-for-client\u2462\u2462"}, {"id": "ref-for-client\u2462\u2463"}], "title": "5.1.10. Deserialize Authentication ceremony options - PublicKeyCredential\u2019s parseRequestOptionsFromJSON() Methods"}, {"refs": [{"id": "ref-for-client\u2462\u2464"}, {"id": "ref-for-client\u2462\u2465"}, {"id": "ref-for-client\u2462\u2466"}, {"id": "ref-for-client\u2462\u2467"}, {"id": "ref-for-client\u2462\u2468"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-client\u2463\u24ea"}, {"id": "ref-for-client\u2463\u2460"}, {"id": "ref-for-client\u2463\u2461"}, {"id": "ref-for-client\u2463\u2462"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-client\u2463\u2463"}, {"id": "ref-for-client\u2463\u2464"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-client\u2463\u2465"}, {"id": "ref-for-client\u2463\u2466"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-client\u2463\u2467"}, {"id": "ref-for-client\u2463\u2468"}, {"id": "ref-for-client\u2464\u24ea"}, {"id": "ref-for-client\u2464\u2460"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-client\u2464\u2461"}, {"id": "ref-for-client\u2464\u2462"}, {"id": "ref-for-client\u2464\u2463"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-client\u2464\u2464"}, {"id": "ref-for-client\u2464\u2465"}, {"id": "ref-for-client\u2464\u2466"}, {"id": "ref-for-client\u2464\u2467"}, {"id": "ref-for-client\u2464\u2468"}, {"id": "ref-for-client\u2465\u24ea"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-client\u2465\u2460"}], "title": "5.7.3. Authentication Extensions Authenticator Inputs (CDDL type AuthenticationExtensionsAuthenticatorInputs)"}, {"refs": [{"id": "ref-for-client\u2465\u2461"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-client\u2465\u2462"}, {"id": "ref-for-client\u2465\u2463"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-client\u2465\u2464"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-client\u2465\u2465"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-client\u2465\u2466"}, {"id": "ref-for-client\u2465\u2467"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-client\u2465\u2468"}, {"id": "ref-for-client\u2466\u24ea"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-client\u2466\u2460"}], "title": "6.2. Authenticator Taxonomy"}, {"refs": [{"id": "ref-for-client\u2466\u2461"}, {"id": "ref-for-client\u2466\u2462"}, {"id": "ref-for-client\u2466\u2463"}, {"id": "ref-for-client\u2466\u2464"}, {"id": "ref-for-client\u2466\u2465"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-client\u2466\u2466"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-client\u2466\u2467"}, {"id": "ref-for-client\u2466\u2468"}, {"id": "ref-for-client\u2467\u24ea"}, {"id": "ref-for-client\u2467\u2460"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-client\u2467\u2461"}], "title": "6.3.5. The silentCredentialDiscovery operation"}, {"refs": [{"id": "ref-for-client\u2467\u2462"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-client\u2467\u2463"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-client\u2467\u2464"}], "title": "8.6. FIDO U2F Attestation Statement Format"}, {"refs": [{"id": "ref-for-client\u2467\u2465"}, {"id": "ref-for-client\u2467\u2466"}, {"id": "ref-for-client\u2467\u2467"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-client\u2467\u2468"}], "title": "9.4. Client Extension Processing"}, {"refs": [{"id": "ref-for-client\u2468\u24ea"}, {"id": "ref-for-client\u2468\u2460"}, {"id": "ref-for-client\u2468\u2461"}, {"id": "ref-for-client\u2468\u2462"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-client\u2468\u2463"}], "title": "12.4. WebAuthn Extension Identifier Registrations"}, {"refs": [{"id": "ref-for-client\u2468\u2464"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-client\u2468\u2465"}, {"id": "ref-for-client\u2468\u2466"}, {"id": "ref-for-client\u2468\u2467"}, {"id": "ref-for-client\u2468\u2468"}, {"id": "ref-for-client\u2460\u24ea\u24ea"}, {"id": "ref-for-client\u2460\u24ea\u2460"}, {"id": "ref-for-client\u2460\u24ea\u2461"}, {"id": "ref-for-client\u2460\u24ea\u2462"}], "title": "13.2. Physical Proximity between Client and Authenticator"}, {"refs": [{"id": "ref-for-client\u2460\u24ea\u2463"}], "title": "14. Privacy Considerations"}, {"refs": [{"id": "ref-for-client\u2460\u24ea\u2464"}, {"id": "ref-for-client\u2460\u24ea\u2465"}, {"id": "ref-for-client\u2460\u24ea\u2466"}, {"id": "ref-for-client\u2460\u24ea\u2467"}, {"id": "ref-for-client\u2460\u24ea\u2468"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-client\u2460\u2460\u24ea"}, {"id": "ref-for-client\u2460\u2460\u2460"}, {"id": "ref-for-client\u2460\u2460\u2461"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-client\u2460\u2460\u2462"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-client\u2460\u2460\u2463"}, {"id": "ref-for-client\u2460\u2460\u2464"}], "title": "14.4.2. Privacy of personally identifying information Stored in Authenticators"}, {"refs": [{"id": "ref-for-client\u2460\u2460\u2465"}], "title": "14.5. Privacy considerations for clients"}], "external": false}; window.dfnpanelData['webauthn-client'] = {"dfnID": "webauthn-client", "url": "#webauthn-client", "dfnText": "WebAuthn Client", "refSections": [{"refs": [{"id": "ref-for-webauthn-client"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-webauthn-client\u2460"}, {"id": "ref-for-webauthn-client\u2461"}, {"id": "ref-for-webauthn-client\u2462"}, {"id": "ref-for-webauthn-client\u2463"}, {"id": "ref-for-webauthn-client\u2464"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-webauthn-client\u2465"}], "title": "6.3. Authenticator Operations"}, {"refs": [{"id": "ref-for-webauthn-client\u2466"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-webauthn-client\u2467"}], "title": "13.4.8. Code injection attacks"}], "external": false}; window.dfnpanelData['client-device'] = {"dfnID": "client-device", "url": "#client-device", "dfnText": "Client Device", "refSections": [{"refs": [{"id": "ref-for-client-device"}, {"id": "ref-for-client-device\u2460"}, {"id": "ref-for-client-device\u2461"}], "title": "1.2.3. New Device Registration"}, {"refs": [{"id": "ref-for-client-device\u2462"}], "title": "1.3. Sample API Usage Scenarios"}, {"refs": [{"id": "ref-for-client-device\u2463"}, {"id": "ref-for-client-device\u2464"}, {"id": "ref-for-client-device\u2465"}, {"id": "ref-for-client-device\u2466"}, {"id": "ref-for-client-device\u2467"}, {"id": "ref-for-client-device\u2468"}, {"id": "ref-for-client-device\u2460\u24ea"}, {"id": "ref-for-client-device\u2460\u2460"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client-device\u2460\u2461"}, {"id": "ref-for-client-device\u2460\u2462"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-device\u2460\u2463"}, {"id": "ref-for-client-device\u2460\u2464"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-device\u2460\u2465"}, {"id": "ref-for-client-device\u2460\u2466"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-client-device\u2460\u2467"}, {"id": "ref-for-client-device\u2460\u2468"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-client-device\u2461\u24ea"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-client-device\u2461\u2460"}, {"id": "ref-for-client-device\u2461\u2461"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-client-device\u2461\u2462"}, {"id": "ref-for-client-device\u2461\u2463"}, {"id": "ref-for-client-device\u2461\u2464"}, {"id": "ref-for-client-device\u2461\u2465"}, {"id": "ref-for-client-device\u2461\u2466"}, {"id": "ref-for-client-device\u2461\u2467"}, {"id": "ref-for-client-device\u2461\u2468"}], "title": "6.2. Authenticator Taxonomy"}, {"refs": [{"id": "ref-for-client-device\u2462\u24ea"}, {"id": "ref-for-client-device\u2462\u2460"}, {"id": "ref-for-client-device\u2462\u2461"}, {"id": "ref-for-client-device\u2462\u2462"}, {"id": "ref-for-client-device\u2462\u2463"}, {"id": "ref-for-client-device\u2462\u2464"}, {"id": "ref-for-client-device\u2462\u2465"}, {"id": "ref-for-client-device\u2462\u2466"}, {"id": "ref-for-client-device\u2462\u2467"}, {"id": "ref-for-client-device\u2462\u2468"}, {"id": "ref-for-client-device\u2463\u24ea"}, {"id": "ref-for-client-device\u2463\u2460"}, {"id": "ref-for-client-device\u2463\u2461"}, {"id": "ref-for-client-device\u2463\u2462"}], "title": "6.2.1. Authenticator Attachment Modality"}, {"refs": [{"id": "ref-for-client-device\u2463\u2463"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-client-device\u2463\u2464"}, {"id": "ref-for-client-device\u2463\u2465"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-client-device\u2463\u2466"}, {"id": "ref-for-client-device\u2463\u2467"}], "title": "14.5.3. Privacy Between Operating System Accounts"}], "external": false}; window.dfnpanelData['webauthn-client-device'] = {"dfnID": "webauthn-client-device", "url": "#webauthn-client-device", "dfnText": "WebAuthn Client Device", "refSections": [{"refs": [{"id": "ref-for-webauthn-client-device"}, {"id": "ref-for-webauthn-client-device\u2460"}], "title": "4. Terminology"}], "external": false}; -window.dfnpanelData['client-platform'] = {"dfnID": "client-platform", "url": "#client-platform", "dfnText": "Client Platform", "refSections": [{"refs": [{"id": "ref-for-client-platform"}, {"id": "ref-for-client-platform\u2460"}, {"id": "ref-for-client-platform\u2461"}], "title": "1.3. Sample API Usage Scenarios"}, {"refs": [{"id": "ref-for-client-platform\u2462"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-client-platform\u2463"}], "title": "1.3.3. Authentication"}, {"refs": [{"id": "ref-for-client-platform\u2464"}], "title": "2.1.1. Enumerations as DOMString types"}, {"refs": [{"id": "ref-for-client-platform\u2465"}, {"id": "ref-for-client-platform\u2466"}, {"id": "ref-for-client-platform\u2467"}, {"id": "ref-for-client-platform\u2468"}, {"id": "ref-for-client-platform\u2460\u24ea"}, {"id": "ref-for-client-platform\u2460\u2460"}, {"id": "ref-for-client-platform\u2460\u2461"}, {"id": "ref-for-client-platform\u2460\u2462"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client-platform\u2460\u2463"}, {"id": "ref-for-client-platform\u2460\u2464"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-client-platform\u2460\u2465"}, {"id": "ref-for-client-platform\u2460\u2466"}, {"id": "ref-for-client-platform\u2460\u2467"}, {"id": "ref-for-client-platform\u2460\u2468"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u24ea"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2460"}, {"id": "ref-for-client-platform\u2461\u2461"}, {"id": "ref-for-client-platform\u2461\u2462"}, {"id": "ref-for-client-platform\u2461\u2463"}, {"id": "ref-for-client-platform\u2461\u2464"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2465"}, {"id": "ref-for-client-platform\u2461\u2466"}, {"id": "ref-for-client-platform\u2461\u2467"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2468"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client-platform\u2462\u24ea"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2460"}], "title": "5.3. Parameters for Credential Generation (dictionary PublicKeyCredentialParameters)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2461"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2462"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2463"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2464"}, {"id": "ref-for-client-platform\u2462\u2465"}, {"id": "ref-for-client-platform\u2462\u2466"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2467"}, {"id": "ref-for-client-platform\u2462\u2468"}, {"id": "ref-for-client-platform\u2463\u24ea"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2460"}, {"id": "ref-for-client-platform\u2463\u2461"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2462"}, {"id": "ref-for-client-platform\u2463\u2463"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2464"}, {"id": "ref-for-client-platform\u2463\u2465"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2466"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2467"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2468"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-client-platform\u2464\u24ea"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2460"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2461"}, {"id": "ref-for-client-platform\u2464\u2462"}, {"id": "ref-for-client-platform\u2464\u2463"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2464"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2465"}], "title": "13.4.2. Visibility Considerations for Embedded Usage"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2466"}, {"id": "ref-for-client-platform\u2464\u2467"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['client-platform'] = {"dfnID": "client-platform", "url": "#client-platform", "dfnText": "Client Platform", "refSections": [{"refs": [{"id": "ref-for-client-platform"}, {"id": "ref-for-client-platform\u2460"}, {"id": "ref-for-client-platform\u2461"}], "title": "1.3. Sample API Usage Scenarios"}, {"refs": [{"id": "ref-for-client-platform\u2462"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-client-platform\u2463"}], "title": "1.3.3. Authentication"}, {"refs": [{"id": "ref-for-client-platform\u2464"}], "title": "2.1.1. Enumerations as DOMString types"}, {"refs": [{"id": "ref-for-client-platform\u2465"}, {"id": "ref-for-client-platform\u2466"}, {"id": "ref-for-client-platform\u2467"}, {"id": "ref-for-client-platform\u2468"}, {"id": "ref-for-client-platform\u2460\u24ea"}, {"id": "ref-for-client-platform\u2460\u2460"}, {"id": "ref-for-client-platform\u2460\u2461"}, {"id": "ref-for-client-platform\u2460\u2462"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client-platform\u2460\u2463"}, {"id": "ref-for-client-platform\u2460\u2464"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-client-platform\u2460\u2465"}, {"id": "ref-for-client-platform\u2460\u2466"}, {"id": "ref-for-client-platform\u2460\u2467"}, {"id": "ref-for-client-platform\u2460\u2468"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u24ea"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2460"}, {"id": "ref-for-client-platform\u2461\u2461"}, {"id": "ref-for-client-platform\u2461\u2462"}, {"id": "ref-for-client-platform\u2461\u2463"}, {"id": "ref-for-client-platform\u2461\u2464"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2465"}, {"id": "ref-for-client-platform\u2461\u2466"}, {"id": "ref-for-client-platform\u2461\u2467"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-client-platform\u2461\u2468"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client-platform\u2462\u24ea"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2460"}], "title": "5.3. Parameters for Credential Generation (dictionary PublicKeyCredentialParameters)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2461"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2462"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2463"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2464"}, {"id": "ref-for-client-platform\u2462\u2465"}, {"id": "ref-for-client-platform\u2462\u2466"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-client-platform\u2462\u2467"}, {"id": "ref-for-client-platform\u2462\u2468"}, {"id": "ref-for-client-platform\u2463\u24ea"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2460"}, {"id": "ref-for-client-platform\u2463\u2461"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2462"}, {"id": "ref-for-client-platform\u2463\u2463"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2464"}, {"id": "ref-for-client-platform\u2463\u2465"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2466"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2467"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-client-platform\u2463\u2468"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-client-platform\u2464\u24ea"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2460"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2461"}, {"id": "ref-for-client-platform\u2464\u2462"}, {"id": "ref-for-client-platform\u2464\u2463"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2464"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2465"}], "title": "13.4.2. Visibility Considerations for Embedded Usage"}, {"refs": [{"id": "ref-for-client-platform\u2464\u2466"}, {"id": "ref-for-client-platform\u2464\u2467"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['client-side'] = {"dfnID": "client-side", "url": "#client-side", "dfnText": "Client-Side", "refSections": [{"refs": [{"id": "ref-for-client-side"}, {"id": "ref-for-client-side\u2460"}, {"id": "ref-for-client-side\u2461"}], "title": "4. Terminology"}], "external": false}; window.dfnpanelData['client-side-discoverable-public-key-credential-source'] = {"dfnID": "client-side-discoverable-public-key-credential-source", "url": "#client-side-discoverable-public-key-credential-source", "dfnText": "Client-side discoverable Public Key Credential Source", "refSections": [{"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source\u2460"}, {"id": "ref-for-client-side-discoverable-public-key-credential-source\u2461"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source\u2462"}, {"id": "ref-for-client-side-discoverable-public-key-credential-source\u2463"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source\u2464"}, {"id": "ref-for-client-side-discoverable-public-key-credential-source\u2465"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source\u2466"}], "title": "11.5. Add Credential"}, {"refs": [{"id": "ref-for-client-side-discoverable-public-key-credential-source\u2467"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}], "external": false}; window.dfnpanelData['client-side-discoverable-credential'] = {"dfnID": "client-side-discoverable-credential", "url": "#client-side-discoverable-credential", "dfnText": "Client-side discoverable Credential", "refSections": [{"refs": [{"id": "ref-for-client-side-discoverable-credential"}, {"id": "ref-for-client-side-discoverable-credential\u2460"}, {"id": "ref-for-client-side-discoverable-credential\u2461"}, {"id": "ref-for-client-side-discoverable-credential\u2462"}, {"id": "ref-for-client-side-discoverable-credential\u2463"}, {"id": "ref-for-client-side-discoverable-credential\u2464"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2465"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2466"}, {"id": "ref-for-client-side-discoverable-credential\u2467"}, {"id": "ref-for-client-side-discoverable-credential\u2468"}, {"id": "ref-for-client-side-discoverable-credential\u2460\u24ea"}, {"id": "ref-for-client-side-discoverable-credential\u2460\u2460"}, {"id": "ref-for-client-side-discoverable-credential\u2460\u2461"}, {"id": "ref-for-client-side-discoverable-credential\u2460\u2462"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2460\u2463"}], "title": "6.3.5. The silentCredentialDiscovery operation"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2460\u2464"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2460\u2465"}], "title": "11.2. Virtual Authenticators"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2460\u2466"}], "title": "11.5. Add Credential"}, {"refs": [{"id": "ref-for-client-side-discoverable-credential\u2460\u2467"}], "title": "14.6.3. Privacy leak via credential IDs"}], "external": false}; @@ -11272,8 +11275,8 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['public-key-credential-source-managing-authenticator'] = {"dfnID": "public-key-credential-source-managing-authenticator", "url": "#public-key-credential-source-managing-authenticator", "dfnText": "managing authenticator", "refSections": [{"refs": [{"id": "ref-for-public-key-credential-source-managing-authenticator"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2460"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2461"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2462"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2463"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2464"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2465"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2466"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2467"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-public-key-credential-source-managing-authenticator\u2468"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2460\u24ea"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-public-key-credential-source-managing-authenticator\u2460\u2460"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-public-key-credential-source-managing-authenticator\u2460\u2461"}, {"id": "ref-for-public-key-credential-source-managing-authenticator\u2460\u2462"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-public-key-credential-source-managing-authenticator\u2460\u2463"}], "title": "10.2.2.3. devicePubKey Extension Output Verification Procedures"}], "external": false}; window.dfnpanelData['rate-limiting'] = {"dfnID": "rate-limiting", "url": "#rate-limiting", "dfnText": "Rate Limiting", "refSections": [{"refs": [{"id": "ref-for-rate-limiting"}, {"id": "ref-for-rate-limiting\u2460"}], "title": "4. Terminology"}], "external": false}; window.dfnpanelData['registration'] = {"dfnID": "registration", "url": "#registration", "dfnText": "Registration", "refSections": [{"refs": [{"id": "ref-for-registration"}, {"id": "ref-for-registration\u2460"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-registration\u2461"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-registration\u2462"}, {"id": "ref-for-registration\u2463"}, {"id": "ref-for-registration\u2464"}, {"id": "ref-for-registration\u2465"}, {"id": "ref-for-registration\u2466"}, {"id": "ref-for-registration\u2467"}, {"id": "ref-for-registration\u2468"}, {"id": "ref-for-registration\u2460\u24ea"}, {"id": "ref-for-registration\u2460\u2460"}, {"id": "ref-for-registration\u2460\u2461"}, {"id": "ref-for-registration\u2460\u2462"}, {"id": "ref-for-registration\u2460\u2463"}, {"id": "ref-for-registration\u2460\u2464"}, {"id": "ref-for-registration\u2460\u2465"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-registration\u2460\u2466"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-registration\u2460\u2467"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-registration\u2460\u2468"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-registration\u2461\u24ea"}, {"id": "ref-for-registration\u2461\u2460"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-registration\u2461\u2461"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-registration\u2461\u2462"}, {"id": "ref-for-registration\u2461\u2463"}], "title": "13.4.5. Revoked Attestation Certificates"}, {"refs": [{"id": "ref-for-registration\u2461\u2464"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-registration\u2461\u2465"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-registration\u2461\u2466"}], "title": "15. Accessibility Considerations"}, {"refs": [{"id": "ref-for-registration\u2461\u2467"}], "title": "16. Acknowledgements"}], "external": false}; -window.dfnpanelData['registration-ceremony'] = {"dfnID": "registration-ceremony", "url": "#registration-ceremony", "dfnText": "Registration Ceremony", "refSections": [{"refs": [{"id": "ref-for-registration-ceremony"}, {"id": "ref-for-registration-ceremony\u2460"}, {"id": "ref-for-registration-ceremony\u2461"}, {"id": "ref-for-registration-ceremony\u2462"}, {"id": "ref-for-registration-ceremony\u2463"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-registration-ceremony\u2464"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-registration-ceremony\u2465"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2466"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2467"}], "title": "6.1.3. Credential Backup State"}, {"refs": [{"id": "ref-for-registration-ceremony\u2468"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u24ea"}, {"id": "ref-for-registration-ceremony\u2460\u2460"}, {"id": "ref-for-registration-ceremony\u2460\u2461"}, {"id": "ref-for-registration-ceremony\u2460\u2462"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2463"}, {"id": "ref-for-registration-ceremony\u2460\u2464"}, {"id": "ref-for-registration-ceremony\u2460\u2465"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2466"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2467"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2468"}, {"id": "ref-for-registration-ceremony\u2461\u24ea"}, {"id": "ref-for-registration-ceremony\u2461\u2460"}, {"id": "ref-for-registration-ceremony\u2461\u2461"}, {"id": "ref-for-registration-ceremony\u2461\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-registration-ceremony\u2461\u2463"}], "title": "15. Accessibility Considerations"}], "external": false}; -window.dfnpanelData['relying-party'] = {"dfnID": "relying-party", "url": "#relying-party", "dfnText": "Relying Party", "refSections": [{"refs": [{"id": "ref-for-relying-party\u2460"}, {"id": "ref-for-relying-party\u2461"}, {"id": "ref-for-relying-party\u2462"}, {"id": "ref-for-relying-party\u2463"}, {"id": "ref-for-relying-party\u2464"}, {"id": "ref-for-relying-party\u2465"}, {"id": "ref-for-relying-party\u2466"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-relying-party\u2467"}, {"id": "ref-for-relying-party\u2468"}, {"id": "ref-for-relying-party\u2460\u24ea"}, {"id": "ref-for-relying-party\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2461"}, {"id": "ref-for-relying-party\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2463"}, {"id": "ref-for-relying-party\u2460\u2464"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465"}], "title": "1.2.3. New Device Registration"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466"}], "title": "1.2.4. Other Use Cases and Configurations"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467"}, {"id": "ref-for-relying-party\u2460\u2468"}, {"id": "ref-for-relying-party\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2460"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2463"}], "title": "1.3.2. Registration Specifically with User-Verifying Platform Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2467"}, {"id": "ref-for-relying-party\u2461\u2468"}], "title": "1.3.3. Authentication"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460"}], "title": "1.3.5. Decommissioning"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461"}], "title": "2.1.1. Enumerations as DOMString types"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2466"}, {"id": "ref-for-relying-party\u2462\u2467"}, {"id": "ref-for-relying-party\u2462\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460"}, {"id": "ref-for-relying-party\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2462"}, {"id": "ref-for-relying-party\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2464"}, {"id": "ref-for-relying-party\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2468"}, {"id": "ref-for-relying-party\u2464\u24ea"}, {"id": "ref-for-relying-party\u2464\u2460"}, {"id": "ref-for-relying-party\u2464\u2461"}, {"id": "ref-for-relying-party\u2464\u2462"}, {"id": "ref-for-relying-party\u2464\u2463"}, {"id": "ref-for-relying-party\u2464\u2464"}, {"id": "ref-for-relying-party\u2464\u2465"}, {"id": "ref-for-relying-party\u2464\u2466"}, {"id": "ref-for-relying-party\u2464\u2467"}, {"id": "ref-for-relying-party\u2464\u2468"}, {"id": "ref-for-relying-party\u2465\u24ea"}, {"id": "ref-for-relying-party\u2465\u2460"}, {"id": "ref-for-relying-party\u2465\u2461"}, {"id": "ref-for-relying-party\u2465\u2462"}, {"id": "ref-for-relying-party\u2465\u2463"}, {"id": "ref-for-relying-party\u2465\u2464"}, {"id": "ref-for-relying-party\u2465\u2465"}, {"id": "ref-for-relying-party\u2465\u2466"}, {"id": "ref-for-relying-party\u2465\u2467"}, {"id": "ref-for-relying-party\u2465\u2468"}, {"id": "ref-for-relying-party\u2466\u24ea"}, {"id": "ref-for-relying-party\u2466\u2460"}, {"id": "ref-for-relying-party\u2466\u2461"}, {"id": "ref-for-relying-party\u2466\u2462"}, {"id": "ref-for-relying-party\u2466\u2463"}, {"id": "ref-for-relying-party\u2466\u2464"}, {"id": "ref-for-relying-party\u2466\u2465"}, {"id": "ref-for-relying-party\u2466\u2466"}, {"id": "ref-for-relying-party\u2466\u2467"}, {"id": "ref-for-relying-party\u2466\u2468"}, {"id": "ref-for-relying-party\u2467\u24ea"}, {"id": "ref-for-relying-party\u2467\u2460"}, {"id": "ref-for-relying-party\u2467\u2461"}, {"id": "ref-for-relying-party\u2467\u2462"}, {"id": "ref-for-relying-party\u2467\u2463"}, {"id": "ref-for-relying-party\u2467\u2464"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-relying-party\u2467\u2465"}, {"id": "ref-for-relying-party\u2467\u2466"}, {"id": "ref-for-relying-party\u2467\u2467"}, {"id": "ref-for-relying-party\u2467\u2468"}, {"id": "ref-for-relying-party\u2468\u24ea"}, {"id": "ref-for-relying-party\u2468\u2460"}, {"id": "ref-for-relying-party\u2468\u2461"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-relying-party\u2468\u2462"}, {"id": "ref-for-relying-party\u2468\u2463"}, {"id": "ref-for-relying-party\u2468\u2464"}, {"id": "ref-for-relying-party\u2468\u2465"}, {"id": "ref-for-relying-party\u2468\u2466"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-relying-party\u2468\u2467"}, {"id": "ref-for-relying-party\u2468\u2468"}, {"id": "ref-for-relying-party\u2460\u24ea\u24ea"}, {"id": "ref-for-relying-party\u2460\u24ea\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2461"}, {"id": "ref-for-relying-party\u2460\u24ea\u2462"}, {"id": "ref-for-relying-party\u2460\u24ea\u2463"}, {"id": "ref-for-relying-party\u2460\u24ea\u2464"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2465"}, {"id": "ref-for-relying-party\u2460\u24ea\u2466"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2467"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2468"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u24ea"}], "title": "5.2. Authenticator Responses (interface AuthenticatorResponse)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2460\u2461"}], "title": "5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2460\u2463"}, {"id": "ref-for-relying-party\u2460\u2460\u2464"}, {"id": "ref-for-relying-party\u2460\u2460\u2465"}, {"id": "ref-for-relying-party\u2460\u2460\u2466"}, {"id": "ref-for-relying-party\u2460\u2460\u2467"}, {"id": "ref-for-relying-party\u2460\u2460\u2468"}], "title": "5.2.1.1. Easily accessing credential data"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2461\u24ea"}, {"id": "ref-for-relying-party\u2460\u2461\u2460"}, {"id": "ref-for-relying-party\u2460\u2461\u2461"}, {"id": "ref-for-relying-party\u2460\u2461\u2462"}, {"id": "ref-for-relying-party\u2460\u2461\u2463"}, {"id": "ref-for-relying-party\u2460\u2461\u2464"}, {"id": "ref-for-relying-party\u2460\u2461\u2465"}, {"id": "ref-for-relying-party\u2460\u2461\u2466"}, {"id": "ref-for-relying-party\u2460\u2461\u2467"}, {"id": "ref-for-relying-party\u2460\u2461\u2468"}, {"id": "ref-for-relying-party\u2460\u2462\u24ea"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2460"}, {"id": "ref-for-relying-party\u2460\u2462\u2461"}, {"id": "ref-for-relying-party\u2460\u2462\u2462"}, {"id": "ref-for-relying-party\u2460\u2462\u2463"}, {"id": "ref-for-relying-party\u2460\u2462\u2464"}, {"id": "ref-for-relying-party\u2460\u2462\u2465"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2466"}, {"id": "ref-for-relying-party\u2460\u2462\u2467"}], "title": "5.4.2. Relying Party Parameters for Credential Generation (dictionary PublicKeyCredentialRpEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2468"}, {"id": "ref-for-relying-party\u2460\u2463\u24ea"}, {"id": "ref-for-relying-party\u2460\u2463\u2460"}, {"id": "ref-for-relying-party\u2460\u2463\u2461"}, {"id": "ref-for-relying-party\u2460\u2463\u2462"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2463\u2463"}, {"id": "ref-for-relying-party\u2460\u2463\u2464"}, {"id": "ref-for-relying-party\u2460\u2463\u2465"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2463\u2466"}, {"id": "ref-for-relying-party\u2460\u2463\u2467"}, {"id": "ref-for-relying-party\u2460\u2463\u2468"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464\u24ea"}, {"id": "ref-for-relying-party\u2460\u2464\u2460"}, {"id": "ref-for-relying-party\u2460\u2464\u2461"}, {"id": "ref-for-relying-party\u2460\u2464\u2462"}, {"id": "ref-for-relying-party\u2460\u2464\u2463"}, {"id": "ref-for-relying-party\u2460\u2464\u2464"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464\u2465"}, {"id": "ref-for-relying-party\u2460\u2464\u2466"}, {"id": "ref-for-relying-party\u2460\u2464\u2467"}, {"id": "ref-for-relying-party\u2460\u2464\u2468"}, {"id": "ref-for-relying-party\u2460\u2465\u24ea"}, {"id": "ref-for-relying-party\u2460\u2465\u2460"}, {"id": "ref-for-relying-party\u2460\u2465\u2461"}, {"id": "ref-for-relying-party\u2460\u2465\u2462"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465\u2463"}, {"id": "ref-for-relying-party\u2460\u2465\u2464"}, {"id": "ref-for-relying-party\u2460\u2465\u2465"}, {"id": "ref-for-relying-party\u2460\u2465\u2466"}, {"id": "ref-for-relying-party\u2460\u2465\u2467"}, {"id": "ref-for-relying-party\u2460\u2465\u2468"}, {"id": "ref-for-relying-party\u2460\u2466\u24ea"}, {"id": "ref-for-relying-party\u2460\u2466\u2460"}, {"id": "ref-for-relying-party\u2460\u2466\u2461"}, {"id": "ref-for-relying-party\u2460\u2466\u2462"}, {"id": "ref-for-relying-party\u2460\u2466\u2463"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466\u2464"}], "title": "5.7.3. Authentication Extensions Authenticator Inputs (CDDL type AuthenticationExtensionsAuthenticatorInputs)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466\u2465"}, {"id": "ref-for-relying-party\u2460\u2466\u2466"}, {"id": "ref-for-relying-party\u2460\u2466\u2467"}, {"id": "ref-for-relying-party\u2460\u2466\u2468"}, {"id": "ref-for-relying-party\u2460\u2467\u24ea"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2460"}, {"id": "ref-for-relying-party\u2460\u2467\u2461"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2462"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2463"}, {"id": "ref-for-relying-party\u2460\u2467\u2464"}, {"id": "ref-for-relying-party\u2460\u2467\u2465"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2466"}, {"id": "ref-for-relying-party\u2460\u2467\u2467"}, {"id": "ref-for-relying-party\u2460\u2467\u2468"}, {"id": "ref-for-relying-party\u2460\u2468\u24ea"}, {"id": "ref-for-relying-party\u2460\u2468\u2460"}, {"id": "ref-for-relying-party\u2460\u2468\u2461"}, {"id": "ref-for-relying-party\u2460\u2468\u2462"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468\u2463"}], "title": "5.10. Using Web Authentication within iframe elements"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468\u2464"}, {"id": "ref-for-relying-party\u2460\u2468\u2465"}, {"id": "ref-for-relying-party\u2460\u2468\u2466"}, {"id": "ref-for-relying-party\u2460\u2468\u2467"}, {"id": "ref-for-relying-party\u2460\u2468\u2468"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u24ea"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u2460"}, {"id": "ref-for-relying-party\u2461\u24ea\u2461"}, {"id": "ref-for-relying-party\u2461\u24ea\u2462"}, {"id": "ref-for-relying-party\u2461\u24ea\u2463"}, {"id": "ref-for-relying-party\u2461\u24ea\u2464"}], "title": "6.1.1. Signature Counter Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u2465"}, {"id": "ref-for-relying-party\u2461\u24ea\u2466"}, {"id": "ref-for-relying-party\u2461\u24ea\u2467"}, {"id": "ref-for-relying-party\u2461\u24ea\u2468"}, {"id": "ref-for-relying-party\u2461\u2460\u24ea"}], "title": "6.1.3. Credential Backup State"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2460"}], "title": "6.2. Authenticator Taxonomy"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2461"}, {"id": "ref-for-relying-party\u2461\u2460\u2462"}, {"id": "ref-for-relying-party\u2461\u2460\u2463"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2464"}, {"id": "ref-for-relying-party\u2461\u2460\u2465"}, {"id": "ref-for-relying-party\u2461\u2460\u2466"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2467"}, {"id": "ref-for-relying-party\u2461\u2460\u2468"}, {"id": "ref-for-relying-party\u2461\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2461\u2460"}, {"id": "ref-for-relying-party\u2461\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2461\u2463"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2461\u2467"}], "title": "6.3.3. The authenticatorGetAssertion Operation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461\u2468"}], "title": "6.4. String Handling"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2462\u24ea"}, {"id": "ref-for-relying-party\u2461\u2462\u2460"}], "title": "6.4.1. String Truncation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2462\u2461"}, {"id": "ref-for-relying-party\u2461\u2462\u2462"}, {"id": "ref-for-relying-party\u2461\u2462\u2463"}, {"id": "ref-for-relying-party\u2461\u2462\u2464"}, {"id": "ref-for-relying-party\u2461\u2462\u2465"}, {"id": "ref-for-relying-party\u2461\u2462\u2466"}, {"id": "ref-for-relying-party\u2461\u2462\u2467"}, {"id": "ref-for-relying-party\u2461\u2462\u2468"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u24ea"}, {"id": "ref-for-relying-party\u2461\u2463\u2460"}], "title": "6.5.1. Attestation in assertions"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u2461"}, {"id": "ref-for-relying-party\u2461\u2463\u2462"}, {"id": "ref-for-relying-party\u2461\u2463\u2463"}, {"id": "ref-for-relying-party\u2461\u2463\u2464"}, {"id": "ref-for-relying-party\u2461\u2463\u2465"}], "title": "6.5.4. Attestation Types"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u2466"}, {"id": "ref-for-relying-party\u2461\u2463\u2467"}, {"id": "ref-for-relying-party\u2461\u2463\u2468"}, {"id": "ref-for-relying-party\u2461\u2464\u24ea"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2464\u2460"}, {"id": "ref-for-relying-party\u2461\u2464\u2461"}, {"id": "ref-for-relying-party\u2461\u2464\u2462"}, {"id": "ref-for-relying-party\u2461\u2464\u2463"}, {"id": "ref-for-relying-party\u2461\u2464\u2464"}, {"id": "ref-for-relying-party\u2461\u2464\u2465"}, {"id": "ref-for-relying-party\u2461\u2464\u2466"}, {"id": "ref-for-relying-party\u2461\u2464\u2467"}, {"id": "ref-for-relying-party\u2461\u2464\u2468"}, {"id": "ref-for-relying-party\u2461\u2465\u24ea"}, {"id": "ref-for-relying-party\u2461\u2465\u2460"}, {"id": "ref-for-relying-party\u2461\u2465\u2461"}, {"id": "ref-for-relying-party\u2461\u2465\u2462"}, {"id": "ref-for-relying-party\u2461\u2465\u2463"}, {"id": "ref-for-relying-party\u2461\u2465\u2464"}, {"id": "ref-for-relying-party\u2461\u2465\u2465"}, {"id": "ref-for-relying-party\u2461\u2465\u2466"}, {"id": "ref-for-relying-party\u2461\u2465\u2467"}, {"id": "ref-for-relying-party\u2461\u2465\u2468"}, {"id": "ref-for-relying-party\u2461\u2466\u24ea"}, {"id": "ref-for-relying-party\u2461\u2466\u2460"}, {"id": "ref-for-relying-party\u2461\u2466\u2461"}, {"id": "ref-for-relying-party\u2461\u2466\u2462"}, {"id": "ref-for-relying-party\u2461\u2466\u2463"}, {"id": "ref-for-relying-party\u2461\u2466\u2464"}, {"id": "ref-for-relying-party\u2461\u2466\u2465"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2466\u2466"}, {"id": "ref-for-relying-party\u2461\u2466\u2467"}, {"id": "ref-for-relying-party\u2461\u2466\u2468"}, {"id": "ref-for-relying-party\u2461\u2467\u24ea"}, {"id": "ref-for-relying-party\u2461\u2467\u2460"}, {"id": "ref-for-relying-party\u2461\u2467\u2461"}, {"id": "ref-for-relying-party\u2461\u2467\u2462"}, {"id": "ref-for-relying-party\u2461\u2467\u2463"}, {"id": "ref-for-relying-party\u2461\u2467\u2464"}, {"id": "ref-for-relying-party\u2461\u2467\u2465"}, {"id": "ref-for-relying-party\u2461\u2467\u2466"}, {"id": "ref-for-relying-party\u2461\u2467\u2467"}, {"id": "ref-for-relying-party\u2461\u2467\u2468"}, {"id": "ref-for-relying-party\u2461\u2468\u24ea"}, {"id": "ref-for-relying-party\u2461\u2468\u2460"}, {"id": "ref-for-relying-party\u2461\u2468\u2461"}, {"id": "ref-for-relying-party\u2461\u2468\u2462"}, {"id": "ref-for-relying-party\u2461\u2468\u2463"}, {"id": "ref-for-relying-party\u2461\u2468\u2464"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2468\u2465"}, {"id": "ref-for-relying-party\u2461\u2468\u2466"}], "title": "8.9. Compound Attestation Statement Format"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2468\u2467"}, {"id": "ref-for-relying-party\u2461\u2468\u2468"}, {"id": "ref-for-relying-party\u2462\u24ea\u24ea"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2460"}], "title": "9.2. Defining Extensions"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2461"}, {"id": "ref-for-relying-party\u2462\u24ea\u2462"}, {"id": "ref-for-relying-party\u2462\u24ea\u2463"}], "title": "9.3. Extending Request Parameters"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2464"}, {"id": "ref-for-relying-party\u2462\u24ea\u2465"}, {"id": "ref-for-relying-party\u2462\u24ea\u2466"}, {"id": "ref-for-relying-party\u2462\u24ea\u2467"}, {"id": "ref-for-relying-party\u2462\u24ea\u2468"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460\u2460"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u2461"}, {"id": "ref-for-relying-party\u2462\u2460\u2462"}, {"id": "ref-for-relying-party\u2462\u2460\u2463"}, {"id": "ref-for-relying-party\u2462\u2460\u2464"}, {"id": "ref-for-relying-party\u2462\u2460\u2465"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u2466"}, {"id": "ref-for-relying-party\u2462\u2460\u2467"}, {"id": "ref-for-relying-party\u2462\u2460\u2468"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u24ea"}, {"id": "ref-for-relying-party\u2462\u2461\u2460"}, {"id": "ref-for-relying-party\u2462\u2461\u2461"}, {"id": "ref-for-relying-party\u2462\u2461\u2462"}, {"id": "ref-for-relying-party\u2462\u2461\u2463"}, {"id": "ref-for-relying-party\u2462\u2461\u2464"}, {"id": "ref-for-relying-party\u2462\u2461\u2465"}, {"id": "ref-for-relying-party\u2462\u2461\u2466"}], "title": "10.1.5. Large blob storage extension (largeBlob)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u2467"}], "title": "10.2.1. User Verification Method Extension (uvm)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u2468"}, {"id": "ref-for-relying-party\u2462\u2462\u24ea"}], "title": "10.2.2. Device-bound public key extension (devicePubKey)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462\u2460"}, {"id": "ref-for-relying-party\u2462\u2462\u2461"}, {"id": "ref-for-relying-party\u2462\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2462\u2466"}], "title": "10.2.2.1. Relying Party Usage"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462\u2467"}, {"id": "ref-for-relying-party\u2462\u2462\u2468"}, {"id": "ref-for-relying-party\u2462\u2463\u24ea"}, {"id": "ref-for-relying-party\u2462\u2463\u2460"}, {"id": "ref-for-relying-party\u2462\u2463\u2461"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2462"}], "title": "10.2.2.2.2. Attestation calculations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2463"}], "title": "10.2.2.3. devicePubKey Extension Output Verification Procedures"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2464"}, {"id": "ref-for-relying-party\u2462\u2463\u2465"}, {"id": "ref-for-relying-party\u2462\u2463\u2466"}, {"id": "ref-for-relying-party\u2462\u2463\u2467"}], "title": "10.2.2.3.1. Registration (create())"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2468"}, {"id": "ref-for-relying-party\u2462\u2464\u24ea"}, {"id": "ref-for-relying-party\u2462\u2464\u2460"}, {"id": "ref-for-relying-party\u2462\u2464\u2461"}, {"id": "ref-for-relying-party\u2462\u2464\u2462"}, {"id": "ref-for-relying-party\u2462\u2464\u2463"}], "title": "10.2.2.3.2. Authentication (get())"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2464\u2464"}], "title": "12.4. WebAuthn Extension Identifier Registrations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2464\u2465"}, {"id": "ref-for-relying-party\u2462\u2464\u2466"}, {"id": "ref-for-relying-party\u2462\u2464\u2467"}, {"id": "ref-for-relying-party\u2462\u2464\u2468"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u24ea"}, {"id": "ref-for-relying-party\u2462\u2465\u2460"}], "title": "13.2. Physical Proximity between Client and Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2461"}, {"id": "ref-for-relying-party\u2462\u2465\u2462"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2463"}], "title": "13.4. Security considerations for Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2464"}, {"id": "ref-for-relying-party\u2462\u2465\u2465"}, {"id": "ref-for-relying-party\u2462\u2465\u2466"}, {"id": "ref-for-relying-party\u2462\u2465\u2467"}, {"id": "ref-for-relying-party\u2462\u2465\u2468"}, {"id": "ref-for-relying-party\u2462\u2466\u24ea"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2460"}, {"id": "ref-for-relying-party\u2462\u2466\u2461"}, {"id": "ref-for-relying-party\u2462\u2466\u2462"}, {"id": "ref-for-relying-party\u2462\u2466\u2463"}], "title": "13.4.2. Visibility Considerations for Embedded Usage"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2464"}, {"id": "ref-for-relying-party\u2462\u2466\u2465"}], "title": "13.4.3. Cryptographic Challenges"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2466"}, {"id": "ref-for-relying-party\u2462\u2466\u2467"}, {"id": "ref-for-relying-party\u2462\u2466\u2468"}, {"id": "ref-for-relying-party\u2462\u2467\u24ea"}, {"id": "ref-for-relying-party\u2462\u2467\u2460"}, {"id": "ref-for-relying-party\u2462\u2467\u2461"}, {"id": "ref-for-relying-party\u2462\u2467\u2462"}, {"id": "ref-for-relying-party\u2462\u2467\u2463"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2467\u2464"}, {"id": "ref-for-relying-party\u2462\u2467\u2465"}, {"id": "ref-for-relying-party\u2462\u2467\u2466"}], "title": "13.4.5. Revoked Attestation Certificates"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2467\u2467"}, {"id": "ref-for-relying-party\u2462\u2467\u2468"}, {"id": "ref-for-relying-party\u2462\u2468\u24ea"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468\u2460"}, {"id": "ref-for-relying-party\u2462\u2468\u2461"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468\u2462"}, {"id": "ref-for-relying-party\u2462\u2468\u2463"}, {"id": "ref-for-relying-party\u2462\u2468\u2464"}, {"id": "ref-for-relying-party\u2462\u2468\u2465"}, {"id": "ref-for-relying-party\u2462\u2468\u2466"}, {"id": "ref-for-relying-party\u2462\u2468\u2467"}, {"id": "ref-for-relying-party\u2462\u2468\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea\u24ea"}, {"id": "ref-for-relying-party\u2463\u24ea\u2460"}], "title": "13.4.8. Code injection attacks"}, {"refs": [{"id": "ref-for-relying-party\u2463\u24ea\u2461"}, {"id": "ref-for-relying-party\u2463\u24ea\u2462"}, {"id": "ref-for-relying-party\u2463\u24ea\u2463"}, {"id": "ref-for-relying-party\u2463\u24ea\u2464"}, {"id": "ref-for-relying-party\u2463\u24ea\u2465"}, {"id": "ref-for-relying-party\u2463\u24ea\u2466"}, {"id": "ref-for-relying-party\u2463\u24ea\u2467"}], "title": "13.4.9. Validating the origin of a credential"}, {"refs": [{"id": "ref-for-relying-party\u2463\u24ea\u2468"}], "title": "14. Privacy Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2460\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460\u2460"}, {"id": "ref-for-relying-party\u2463\u2460\u2461"}, {"id": "ref-for-relying-party\u2463\u2460\u2462"}, {"id": "ref-for-relying-party\u2463\u2460\u2463"}, {"id": "ref-for-relying-party\u2463\u2460\u2464"}, {"id": "ref-for-relying-party\u2463\u2460\u2465"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2460\u2466"}, {"id": "ref-for-relying-party\u2463\u2460\u2467"}, {"id": "ref-for-relying-party\u2463\u2460\u2468"}, {"id": "ref-for-relying-party\u2463\u2461\u24ea"}, {"id": "ref-for-relying-party\u2463\u2461\u2460"}, {"id": "ref-for-relying-party\u2463\u2461\u2461"}, {"id": "ref-for-relying-party\u2463\u2461\u2462"}, {"id": "ref-for-relying-party\u2463\u2461\u2463"}, {"id": "ref-for-relying-party\u2463\u2461\u2464"}, {"id": "ref-for-relying-party\u2463\u2461\u2465"}, {"id": "ref-for-relying-party\u2463\u2461\u2466"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2461\u2467"}, {"id": "ref-for-relying-party\u2463\u2461\u2468"}, {"id": "ref-for-relying-party\u2463\u2462\u24ea"}, {"id": "ref-for-relying-party\u2463\u2462\u2460"}, {"id": "ref-for-relying-party\u2463\u2462\u2461"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2462"}, {"id": "ref-for-relying-party\u2463\u2462\u2463"}, {"id": "ref-for-relying-party\u2463\u2462\u2464"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2465"}, {"id": "ref-for-relying-party\u2463\u2462\u2466"}, {"id": "ref-for-relying-party\u2463\u2462\u2467"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2468"}], "title": "14.6. Privacy considerations for Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2463\u2460"}], "title": "14.6.1. User Handle Contents"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2463\u2462"}, {"id": "ref-for-relying-party\u2463\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2463\u2464"}, {"id": "ref-for-relying-party\u2463\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2463\u2468"}, {"id": "ref-for-relying-party\u2463\u2464\u24ea"}, {"id": "ref-for-relying-party\u2463\u2464\u2460"}, {"id": "ref-for-relying-party\u2463\u2464\u2461"}, {"id": "ref-for-relying-party\u2463\u2464\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2464\u2463"}, {"id": "ref-for-relying-party\u2463\u2464\u2464"}, {"id": "ref-for-relying-party\u2463\u2464\u2465"}, {"id": "ref-for-relying-party\u2463\u2464\u2466"}, {"id": "ref-for-relying-party\u2463\u2464\u2467"}], "title": "14.6.3. Privacy leak via credential IDs"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2464\u2468"}, {"id": "ref-for-relying-party\u2463\u2465\u24ea"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['registration-ceremony'] = {"dfnID": "registration-ceremony", "url": "#registration-ceremony", "dfnText": "Registration Ceremony", "refSections": [{"refs": [{"id": "ref-for-registration-ceremony"}, {"id": "ref-for-registration-ceremony\u2460"}, {"id": "ref-for-registration-ceremony\u2461"}, {"id": "ref-for-registration-ceremony\u2462"}, {"id": "ref-for-registration-ceremony\u2463"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-registration-ceremony\u2464"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-registration-ceremony\u2465"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2466"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2467"}], "title": "6.1.3. Credential Backup State"}, {"refs": [{"id": "ref-for-registration-ceremony\u2468"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u24ea"}, {"id": "ref-for-registration-ceremony\u2460\u2460"}, {"id": "ref-for-registration-ceremony\u2460\u2461"}, {"id": "ref-for-registration-ceremony\u2460\u2462"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2463"}, {"id": "ref-for-registration-ceremony\u2460\u2464"}, {"id": "ref-for-registration-ceremony\u2460\u2465"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2466"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2467"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-registration-ceremony\u2460\u2468"}, {"id": "ref-for-registration-ceremony\u2461\u24ea"}, {"id": "ref-for-registration-ceremony\u2461\u2460"}, {"id": "ref-for-registration-ceremony\u2461\u2461"}, {"id": "ref-for-registration-ceremony\u2461\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-registration-ceremony\u2461\u2463"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; +window.dfnpanelData['relying-party'] = {"dfnID": "relying-party", "url": "#relying-party", "dfnText": "Relying Party", "refSections": [{"refs": [{"id": "ref-for-relying-party\u2460"}, {"id": "ref-for-relying-party\u2461"}, {"id": "ref-for-relying-party\u2462"}, {"id": "ref-for-relying-party\u2463"}, {"id": "ref-for-relying-party\u2464"}, {"id": "ref-for-relying-party\u2465"}, {"id": "ref-for-relying-party\u2466"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-relying-party\u2467"}, {"id": "ref-for-relying-party\u2468"}, {"id": "ref-for-relying-party\u2460\u24ea"}, {"id": "ref-for-relying-party\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2461"}, {"id": "ref-for-relying-party\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2463"}, {"id": "ref-for-relying-party\u2460\u2464"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465"}], "title": "1.2.3. New Device Registration"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466"}], "title": "1.2.4. Other Use Cases and Configurations"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467"}, {"id": "ref-for-relying-party\u2460\u2468"}, {"id": "ref-for-relying-party\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2460"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2463"}], "title": "1.3.2. Registration Specifically with User-Verifying Platform Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2467"}, {"id": "ref-for-relying-party\u2461\u2468"}], "title": "1.3.3. Authentication"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460"}], "title": "1.3.5. Decommissioning"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461"}], "title": "2.1.1. Enumerations as DOMString types"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2466"}, {"id": "ref-for-relying-party\u2462\u2467"}, {"id": "ref-for-relying-party\u2462\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460"}, {"id": "ref-for-relying-party\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2462"}, {"id": "ref-for-relying-party\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2464"}, {"id": "ref-for-relying-party\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2468"}, {"id": "ref-for-relying-party\u2464\u24ea"}, {"id": "ref-for-relying-party\u2464\u2460"}, {"id": "ref-for-relying-party\u2464\u2461"}, {"id": "ref-for-relying-party\u2464\u2462"}, {"id": "ref-for-relying-party\u2464\u2463"}, {"id": "ref-for-relying-party\u2464\u2464"}, {"id": "ref-for-relying-party\u2464\u2465"}, {"id": "ref-for-relying-party\u2464\u2466"}, {"id": "ref-for-relying-party\u2464\u2467"}, {"id": "ref-for-relying-party\u2464\u2468"}, {"id": "ref-for-relying-party\u2465\u24ea"}, {"id": "ref-for-relying-party\u2465\u2460"}, {"id": "ref-for-relying-party\u2465\u2461"}, {"id": "ref-for-relying-party\u2465\u2462"}, {"id": "ref-for-relying-party\u2465\u2463"}, {"id": "ref-for-relying-party\u2465\u2464"}, {"id": "ref-for-relying-party\u2465\u2465"}, {"id": "ref-for-relying-party\u2465\u2466"}, {"id": "ref-for-relying-party\u2465\u2467"}, {"id": "ref-for-relying-party\u2465\u2468"}, {"id": "ref-for-relying-party\u2466\u24ea"}, {"id": "ref-for-relying-party\u2466\u2460"}, {"id": "ref-for-relying-party\u2466\u2461"}, {"id": "ref-for-relying-party\u2466\u2462"}, {"id": "ref-for-relying-party\u2466\u2463"}, {"id": "ref-for-relying-party\u2466\u2464"}, {"id": "ref-for-relying-party\u2466\u2465"}, {"id": "ref-for-relying-party\u2466\u2466"}, {"id": "ref-for-relying-party\u2466\u2467"}, {"id": "ref-for-relying-party\u2466\u2468"}, {"id": "ref-for-relying-party\u2467\u24ea"}, {"id": "ref-for-relying-party\u2467\u2460"}, {"id": "ref-for-relying-party\u2467\u2461"}, {"id": "ref-for-relying-party\u2467\u2462"}, {"id": "ref-for-relying-party\u2467\u2463"}, {"id": "ref-for-relying-party\u2467\u2464"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-relying-party\u2467\u2465"}, {"id": "ref-for-relying-party\u2467\u2466"}, {"id": "ref-for-relying-party\u2467\u2467"}, {"id": "ref-for-relying-party\u2467\u2468"}, {"id": "ref-for-relying-party\u2468\u24ea"}, {"id": "ref-for-relying-party\u2468\u2460"}, {"id": "ref-for-relying-party\u2468\u2461"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-relying-party\u2468\u2462"}, {"id": "ref-for-relying-party\u2468\u2463"}, {"id": "ref-for-relying-party\u2468\u2464"}, {"id": "ref-for-relying-party\u2468\u2465"}, {"id": "ref-for-relying-party\u2468\u2466"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-relying-party\u2468\u2467"}, {"id": "ref-for-relying-party\u2468\u2468"}, {"id": "ref-for-relying-party\u2460\u24ea\u24ea"}, {"id": "ref-for-relying-party\u2460\u24ea\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2461"}, {"id": "ref-for-relying-party\u2460\u24ea\u2462"}, {"id": "ref-for-relying-party\u2460\u24ea\u2463"}, {"id": "ref-for-relying-party\u2460\u24ea\u2464"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2465"}, {"id": "ref-for-relying-party\u2460\u24ea\u2466"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2467"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u24ea\u2468"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u24ea"}], "title": "5.2. Authenticator Responses (interface AuthenticatorResponse)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u2460"}, {"id": "ref-for-relying-party\u2460\u2460\u2461"}], "title": "5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2460\u2462"}, {"id": "ref-for-relying-party\u2460\u2460\u2463"}, {"id": "ref-for-relying-party\u2460\u2460\u2464"}, {"id": "ref-for-relying-party\u2460\u2460\u2465"}, {"id": "ref-for-relying-party\u2460\u2460\u2466"}, {"id": "ref-for-relying-party\u2460\u2460\u2467"}, {"id": "ref-for-relying-party\u2460\u2460\u2468"}], "title": "5.2.1.1. Easily accessing credential data"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2461\u24ea"}, {"id": "ref-for-relying-party\u2460\u2461\u2460"}, {"id": "ref-for-relying-party\u2460\u2461\u2461"}, {"id": "ref-for-relying-party\u2460\u2461\u2462"}, {"id": "ref-for-relying-party\u2460\u2461\u2463"}, {"id": "ref-for-relying-party\u2460\u2461\u2464"}, {"id": "ref-for-relying-party\u2460\u2461\u2465"}, {"id": "ref-for-relying-party\u2460\u2461\u2466"}, {"id": "ref-for-relying-party\u2460\u2461\u2467"}, {"id": "ref-for-relying-party\u2460\u2461\u2468"}, {"id": "ref-for-relying-party\u2460\u2462\u24ea"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2460"}, {"id": "ref-for-relying-party\u2460\u2462\u2461"}, {"id": "ref-for-relying-party\u2460\u2462\u2462"}, {"id": "ref-for-relying-party\u2460\u2462\u2463"}, {"id": "ref-for-relying-party\u2460\u2462\u2464"}, {"id": "ref-for-relying-party\u2460\u2462\u2465"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2466"}, {"id": "ref-for-relying-party\u2460\u2462\u2467"}], "title": "5.4.2. Relying Party Parameters for Credential Generation (dictionary PublicKeyCredentialRpEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2462\u2468"}, {"id": "ref-for-relying-party\u2460\u2463\u24ea"}, {"id": "ref-for-relying-party\u2460\u2463\u2460"}, {"id": "ref-for-relying-party\u2460\u2463\u2461"}, {"id": "ref-for-relying-party\u2460\u2463\u2462"}], "title": "5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2463\u2463"}, {"id": "ref-for-relying-party\u2460\u2463\u2464"}, {"id": "ref-for-relying-party\u2460\u2463\u2465"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2463\u2466"}, {"id": "ref-for-relying-party\u2460\u2463\u2467"}, {"id": "ref-for-relying-party\u2460\u2463\u2468"}], "title": "5.4.5. Authenticator Attachment Enumeration (enum AuthenticatorAttachment)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464\u24ea"}, {"id": "ref-for-relying-party\u2460\u2464\u2460"}, {"id": "ref-for-relying-party\u2460\u2464\u2461"}, {"id": "ref-for-relying-party\u2460\u2464\u2462"}, {"id": "ref-for-relying-party\u2460\u2464\u2463"}, {"id": "ref-for-relying-party\u2460\u2464\u2464"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2464\u2465"}, {"id": "ref-for-relying-party\u2460\u2464\u2466"}, {"id": "ref-for-relying-party\u2460\u2464\u2467"}, {"id": "ref-for-relying-party\u2460\u2464\u2468"}, {"id": "ref-for-relying-party\u2460\u2465\u24ea"}, {"id": "ref-for-relying-party\u2460\u2465\u2460"}, {"id": "ref-for-relying-party\u2460\u2465\u2461"}, {"id": "ref-for-relying-party\u2460\u2465\u2462"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2465\u2463"}, {"id": "ref-for-relying-party\u2460\u2465\u2464"}, {"id": "ref-for-relying-party\u2460\u2465\u2465"}, {"id": "ref-for-relying-party\u2460\u2465\u2466"}, {"id": "ref-for-relying-party\u2460\u2465\u2467"}, {"id": "ref-for-relying-party\u2460\u2465\u2468"}, {"id": "ref-for-relying-party\u2460\u2466\u24ea"}, {"id": "ref-for-relying-party\u2460\u2466\u2460"}, {"id": "ref-for-relying-party\u2460\u2466\u2461"}, {"id": "ref-for-relying-party\u2460\u2466\u2462"}, {"id": "ref-for-relying-party\u2460\u2466\u2463"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466\u2464"}], "title": "5.7.3. Authentication Extensions Authenticator Inputs (CDDL type AuthenticationExtensionsAuthenticatorInputs)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2466\u2465"}, {"id": "ref-for-relying-party\u2460\u2466\u2466"}, {"id": "ref-for-relying-party\u2460\u2466\u2467"}, {"id": "ref-for-relying-party\u2460\u2466\u2468"}, {"id": "ref-for-relying-party\u2460\u2467\u24ea"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2460"}, {"id": "ref-for-relying-party\u2460\u2467\u2461"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2462"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2463"}, {"id": "ref-for-relying-party\u2460\u2467\u2464"}, {"id": "ref-for-relying-party\u2460\u2467\u2465"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2467\u2466"}, {"id": "ref-for-relying-party\u2460\u2467\u2467"}, {"id": "ref-for-relying-party\u2460\u2467\u2468"}, {"id": "ref-for-relying-party\u2460\u2468\u24ea"}, {"id": "ref-for-relying-party\u2460\u2468\u2460"}, {"id": "ref-for-relying-party\u2460\u2468\u2461"}, {"id": "ref-for-relying-party\u2460\u2468\u2462"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468\u2463"}], "title": "5.10. Using Web Authentication within iframe elements"}, {"refs": [{"id": "ref-for-relying-party\u2460\u2468\u2464"}, {"id": "ref-for-relying-party\u2460\u2468\u2465"}, {"id": "ref-for-relying-party\u2460\u2468\u2466"}, {"id": "ref-for-relying-party\u2460\u2468\u2467"}, {"id": "ref-for-relying-party\u2460\u2468\u2468"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u24ea"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u2460"}, {"id": "ref-for-relying-party\u2461\u24ea\u2461"}, {"id": "ref-for-relying-party\u2461\u24ea\u2462"}, {"id": "ref-for-relying-party\u2461\u24ea\u2463"}, {"id": "ref-for-relying-party\u2461\u24ea\u2464"}], "title": "6.1.1. Signature Counter Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2461\u24ea\u2465"}, {"id": "ref-for-relying-party\u2461\u24ea\u2466"}, {"id": "ref-for-relying-party\u2461\u24ea\u2467"}, {"id": "ref-for-relying-party\u2461\u24ea\u2468"}, {"id": "ref-for-relying-party\u2461\u2460\u24ea"}], "title": "6.1.3. Credential Backup State"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2460"}], "title": "6.2. Authenticator Taxonomy"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2461"}, {"id": "ref-for-relying-party\u2461\u2460\u2462"}, {"id": "ref-for-relying-party\u2461\u2460\u2463"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2464"}, {"id": "ref-for-relying-party\u2461\u2460\u2465"}, {"id": "ref-for-relying-party\u2461\u2460\u2466"}], "title": "6.2.3. Authentication Factor Capability"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2460\u2467"}, {"id": "ref-for-relying-party\u2461\u2460\u2468"}, {"id": "ref-for-relying-party\u2461\u2461\u24ea"}, {"id": "ref-for-relying-party\u2461\u2461\u2460"}, {"id": "ref-for-relying-party\u2461\u2461\u2461"}, {"id": "ref-for-relying-party\u2461\u2461\u2462"}, {"id": "ref-for-relying-party\u2461\u2461\u2463"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461\u2464"}, {"id": "ref-for-relying-party\u2461\u2461\u2465"}, {"id": "ref-for-relying-party\u2461\u2461\u2466"}, {"id": "ref-for-relying-party\u2461\u2461\u2467"}], "title": "6.3.3. The authenticatorGetAssertion Operation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2461\u2468"}], "title": "6.4. String Handling"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2462\u24ea"}, {"id": "ref-for-relying-party\u2461\u2462\u2460"}], "title": "6.4.1. String Truncation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2462\u2461"}, {"id": "ref-for-relying-party\u2461\u2462\u2462"}, {"id": "ref-for-relying-party\u2461\u2462\u2463"}, {"id": "ref-for-relying-party\u2461\u2462\u2464"}, {"id": "ref-for-relying-party\u2461\u2462\u2465"}, {"id": "ref-for-relying-party\u2461\u2462\u2466"}, {"id": "ref-for-relying-party\u2461\u2462\u2467"}, {"id": "ref-for-relying-party\u2461\u2462\u2468"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u24ea"}, {"id": "ref-for-relying-party\u2461\u2463\u2460"}], "title": "6.5.1. Attestation in assertions"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u2461"}, {"id": "ref-for-relying-party\u2461\u2463\u2462"}, {"id": "ref-for-relying-party\u2461\u2463\u2463"}, {"id": "ref-for-relying-party\u2461\u2463\u2464"}, {"id": "ref-for-relying-party\u2461\u2463\u2465"}], "title": "6.5.4. Attestation Types"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2463\u2466"}, {"id": "ref-for-relying-party\u2461\u2463\u2467"}, {"id": "ref-for-relying-party\u2461\u2463\u2468"}, {"id": "ref-for-relying-party\u2461\u2464\u24ea"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2464\u2460"}, {"id": "ref-for-relying-party\u2461\u2464\u2461"}, {"id": "ref-for-relying-party\u2461\u2464\u2462"}, {"id": "ref-for-relying-party\u2461\u2464\u2463"}, {"id": "ref-for-relying-party\u2461\u2464\u2464"}, {"id": "ref-for-relying-party\u2461\u2464\u2465"}, {"id": "ref-for-relying-party\u2461\u2464\u2466"}, {"id": "ref-for-relying-party\u2461\u2464\u2467"}, {"id": "ref-for-relying-party\u2461\u2464\u2468"}, {"id": "ref-for-relying-party\u2461\u2465\u24ea"}, {"id": "ref-for-relying-party\u2461\u2465\u2460"}, {"id": "ref-for-relying-party\u2461\u2465\u2461"}, {"id": "ref-for-relying-party\u2461\u2465\u2462"}, {"id": "ref-for-relying-party\u2461\u2465\u2463"}, {"id": "ref-for-relying-party\u2461\u2465\u2464"}, {"id": "ref-for-relying-party\u2461\u2465\u2465"}, {"id": "ref-for-relying-party\u2461\u2465\u2466"}, {"id": "ref-for-relying-party\u2461\u2465\u2467"}, {"id": "ref-for-relying-party\u2461\u2465\u2468"}, {"id": "ref-for-relying-party\u2461\u2466\u24ea"}, {"id": "ref-for-relying-party\u2461\u2466\u2460"}, {"id": "ref-for-relying-party\u2461\u2466\u2461"}, {"id": "ref-for-relying-party\u2461\u2466\u2462"}, {"id": "ref-for-relying-party\u2461\u2466\u2463"}, {"id": "ref-for-relying-party\u2461\u2466\u2464"}, {"id": "ref-for-relying-party\u2461\u2466\u2465"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2466\u2466"}, {"id": "ref-for-relying-party\u2461\u2466\u2467"}, {"id": "ref-for-relying-party\u2461\u2466\u2468"}, {"id": "ref-for-relying-party\u2461\u2467\u24ea"}, {"id": "ref-for-relying-party\u2461\u2467\u2460"}, {"id": "ref-for-relying-party\u2461\u2467\u2461"}, {"id": "ref-for-relying-party\u2461\u2467\u2462"}, {"id": "ref-for-relying-party\u2461\u2467\u2463"}, {"id": "ref-for-relying-party\u2461\u2467\u2464"}, {"id": "ref-for-relying-party\u2461\u2467\u2465"}, {"id": "ref-for-relying-party\u2461\u2467\u2466"}, {"id": "ref-for-relying-party\u2461\u2467\u2467"}, {"id": "ref-for-relying-party\u2461\u2467\u2468"}, {"id": "ref-for-relying-party\u2461\u2468\u24ea"}, {"id": "ref-for-relying-party\u2461\u2468\u2460"}, {"id": "ref-for-relying-party\u2461\u2468\u2461"}, {"id": "ref-for-relying-party\u2461\u2468\u2462"}, {"id": "ref-for-relying-party\u2461\u2468\u2463"}, {"id": "ref-for-relying-party\u2461\u2468\u2464"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2468\u2465"}, {"id": "ref-for-relying-party\u2461\u2468\u2466"}], "title": "8.9. Compound Attestation Statement Format"}, {"refs": [{"id": "ref-for-relying-party\u2461\u2468\u2467"}, {"id": "ref-for-relying-party\u2461\u2468\u2468"}, {"id": "ref-for-relying-party\u2462\u24ea\u24ea"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2460"}], "title": "9.2. Defining Extensions"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2461"}, {"id": "ref-for-relying-party\u2462\u24ea\u2462"}, {"id": "ref-for-relying-party\u2462\u24ea\u2463"}], "title": "9.3. Extending Request Parameters"}, {"refs": [{"id": "ref-for-relying-party\u2462\u24ea\u2464"}, {"id": "ref-for-relying-party\u2462\u24ea\u2465"}, {"id": "ref-for-relying-party\u2462\u24ea\u2466"}, {"id": "ref-for-relying-party\u2462\u24ea\u2467"}, {"id": "ref-for-relying-party\u2462\u24ea\u2468"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u24ea"}, {"id": "ref-for-relying-party\u2462\u2460\u2460"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u2461"}, {"id": "ref-for-relying-party\u2462\u2460\u2462"}, {"id": "ref-for-relying-party\u2462\u2460\u2463"}, {"id": "ref-for-relying-party\u2462\u2460\u2464"}, {"id": "ref-for-relying-party\u2462\u2460\u2465"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2460\u2466"}, {"id": "ref-for-relying-party\u2462\u2460\u2467"}, {"id": "ref-for-relying-party\u2462\u2460\u2468"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u24ea"}, {"id": "ref-for-relying-party\u2462\u2461\u2460"}, {"id": "ref-for-relying-party\u2462\u2461\u2461"}, {"id": "ref-for-relying-party\u2462\u2461\u2462"}, {"id": "ref-for-relying-party\u2462\u2461\u2463"}, {"id": "ref-for-relying-party\u2462\u2461\u2464"}, {"id": "ref-for-relying-party\u2462\u2461\u2465"}, {"id": "ref-for-relying-party\u2462\u2461\u2466"}], "title": "10.1.5. Large blob storage extension (largeBlob)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u2467"}], "title": "10.2.1. User Verification Method Extension (uvm)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2461\u2468"}, {"id": "ref-for-relying-party\u2462\u2462\u24ea"}], "title": "10.2.2. Device-bound public key extension (devicePubKey)"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462\u2460"}, {"id": "ref-for-relying-party\u2462\u2462\u2461"}, {"id": "ref-for-relying-party\u2462\u2462\u2462"}, {"id": "ref-for-relying-party\u2462\u2462\u2463"}, {"id": "ref-for-relying-party\u2462\u2462\u2464"}, {"id": "ref-for-relying-party\u2462\u2462\u2465"}, {"id": "ref-for-relying-party\u2462\u2462\u2466"}], "title": "10.2.2.1. Relying Party Usage"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2462\u2467"}, {"id": "ref-for-relying-party\u2462\u2462\u2468"}, {"id": "ref-for-relying-party\u2462\u2463\u24ea"}, {"id": "ref-for-relying-party\u2462\u2463\u2460"}, {"id": "ref-for-relying-party\u2462\u2463\u2461"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2462"}], "title": "10.2.2.2.2. Attestation calculations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2463"}], "title": "10.2.2.3. devicePubKey Extension Output Verification Procedures"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2464"}, {"id": "ref-for-relying-party\u2462\u2463\u2465"}, {"id": "ref-for-relying-party\u2462\u2463\u2466"}, {"id": "ref-for-relying-party\u2462\u2463\u2467"}], "title": "10.2.2.3.1. Registration (create())"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2463\u2468"}, {"id": "ref-for-relying-party\u2462\u2464\u24ea"}, {"id": "ref-for-relying-party\u2462\u2464\u2460"}, {"id": "ref-for-relying-party\u2462\u2464\u2461"}, {"id": "ref-for-relying-party\u2462\u2464\u2462"}, {"id": "ref-for-relying-party\u2462\u2464\u2463"}], "title": "10.2.2.3.2. Authentication (get())"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2464\u2464"}], "title": "12.4. WebAuthn Extension Identifier Registrations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2464\u2465"}, {"id": "ref-for-relying-party\u2462\u2464\u2466"}, {"id": "ref-for-relying-party\u2462\u2464\u2467"}, {"id": "ref-for-relying-party\u2462\u2464\u2468"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u24ea"}, {"id": "ref-for-relying-party\u2462\u2465\u2460"}], "title": "13.2. Physical Proximity between Client and Authenticator"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2461"}, {"id": "ref-for-relying-party\u2462\u2465\u2462"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2463"}], "title": "13.4. Security considerations for Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2465\u2464"}, {"id": "ref-for-relying-party\u2462\u2465\u2465"}, {"id": "ref-for-relying-party\u2462\u2465\u2466"}, {"id": "ref-for-relying-party\u2462\u2465\u2467"}, {"id": "ref-for-relying-party\u2462\u2465\u2468"}, {"id": "ref-for-relying-party\u2462\u2466\u24ea"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2460"}, {"id": "ref-for-relying-party\u2462\u2466\u2461"}, {"id": "ref-for-relying-party\u2462\u2466\u2462"}, {"id": "ref-for-relying-party\u2462\u2466\u2463"}], "title": "13.4.2. Visibility Considerations for Embedded Usage"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2464"}, {"id": "ref-for-relying-party\u2462\u2466\u2465"}], "title": "13.4.3. Cryptographic Challenges"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2466\u2466"}, {"id": "ref-for-relying-party\u2462\u2466\u2467"}, {"id": "ref-for-relying-party\u2462\u2466\u2468"}, {"id": "ref-for-relying-party\u2462\u2467\u24ea"}, {"id": "ref-for-relying-party\u2462\u2467\u2460"}, {"id": "ref-for-relying-party\u2462\u2467\u2461"}, {"id": "ref-for-relying-party\u2462\u2467\u2462"}, {"id": "ref-for-relying-party\u2462\u2467\u2463"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2467\u2464"}, {"id": "ref-for-relying-party\u2462\u2467\u2465"}, {"id": "ref-for-relying-party\u2462\u2467\u2466"}], "title": "13.4.5. Revoked Attestation Certificates"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2467\u2467"}, {"id": "ref-for-relying-party\u2462\u2467\u2468"}, {"id": "ref-for-relying-party\u2462\u2468\u24ea"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468\u2460"}, {"id": "ref-for-relying-party\u2462\u2468\u2461"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-relying-party\u2462\u2468\u2462"}, {"id": "ref-for-relying-party\u2462\u2468\u2463"}, {"id": "ref-for-relying-party\u2462\u2468\u2464"}, {"id": "ref-for-relying-party\u2462\u2468\u2465"}, {"id": "ref-for-relying-party\u2462\u2468\u2466"}, {"id": "ref-for-relying-party\u2462\u2468\u2467"}, {"id": "ref-for-relying-party\u2462\u2468\u2468"}, {"id": "ref-for-relying-party\u2463\u24ea\u24ea"}, {"id": "ref-for-relying-party\u2463\u24ea\u2460"}], "title": "13.4.8. Code injection attacks"}, {"refs": [{"id": "ref-for-relying-party\u2463\u24ea\u2461"}, {"id": "ref-for-relying-party\u2463\u24ea\u2462"}, {"id": "ref-for-relying-party\u2463\u24ea\u2463"}, {"id": "ref-for-relying-party\u2463\u24ea\u2464"}, {"id": "ref-for-relying-party\u2463\u24ea\u2465"}, {"id": "ref-for-relying-party\u2463\u24ea\u2466"}, {"id": "ref-for-relying-party\u2463\u24ea\u2467"}], "title": "13.4.9. Validating the origin of a credential"}, {"refs": [{"id": "ref-for-relying-party\u2463\u24ea\u2468"}], "title": "14. Privacy Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2460\u24ea"}, {"id": "ref-for-relying-party\u2463\u2460\u2460"}, {"id": "ref-for-relying-party\u2463\u2460\u2461"}, {"id": "ref-for-relying-party\u2463\u2460\u2462"}, {"id": "ref-for-relying-party\u2463\u2460\u2463"}, {"id": "ref-for-relying-party\u2463\u2460\u2464"}, {"id": "ref-for-relying-party\u2463\u2460\u2465"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2460\u2466"}, {"id": "ref-for-relying-party\u2463\u2460\u2467"}, {"id": "ref-for-relying-party\u2463\u2460\u2468"}, {"id": "ref-for-relying-party\u2463\u2461\u24ea"}, {"id": "ref-for-relying-party\u2463\u2461\u2460"}, {"id": "ref-for-relying-party\u2463\u2461\u2461"}, {"id": "ref-for-relying-party\u2463\u2461\u2462"}, {"id": "ref-for-relying-party\u2463\u2461\u2463"}, {"id": "ref-for-relying-party\u2463\u2461\u2464"}, {"id": "ref-for-relying-party\u2463\u2461\u2465"}, {"id": "ref-for-relying-party\u2463\u2461\u2466"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2461\u2467"}, {"id": "ref-for-relying-party\u2463\u2461\u2468"}, {"id": "ref-for-relying-party\u2463\u2462\u24ea"}, {"id": "ref-for-relying-party\u2463\u2462\u2460"}, {"id": "ref-for-relying-party\u2463\u2462\u2461"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2462"}, {"id": "ref-for-relying-party\u2463\u2462\u2463"}, {"id": "ref-for-relying-party\u2463\u2462\u2464"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2465"}, {"id": "ref-for-relying-party\u2463\u2462\u2466"}, {"id": "ref-for-relying-party\u2463\u2462\u2467"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2462\u2468"}], "title": "14.6. Privacy considerations for Relying Parties"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463\u24ea"}, {"id": "ref-for-relying-party\u2463\u2463\u2460"}], "title": "14.6.1. User Handle Contents"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2463\u2461"}, {"id": "ref-for-relying-party\u2463\u2463\u2462"}, {"id": "ref-for-relying-party\u2463\u2463\u2463"}, {"id": "ref-for-relying-party\u2463\u2463\u2464"}, {"id": "ref-for-relying-party\u2463\u2463\u2465"}, {"id": "ref-for-relying-party\u2463\u2463\u2466"}, {"id": "ref-for-relying-party\u2463\u2463\u2467"}, {"id": "ref-for-relying-party\u2463\u2463\u2468"}, {"id": "ref-for-relying-party\u2463\u2464\u24ea"}, {"id": "ref-for-relying-party\u2463\u2464\u2460"}, {"id": "ref-for-relying-party\u2463\u2464\u2461"}, {"id": "ref-for-relying-party\u2463\u2464\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2464\u2463"}, {"id": "ref-for-relying-party\u2463\u2464\u2464"}, {"id": "ref-for-relying-party\u2463\u2464\u2465"}, {"id": "ref-for-relying-party\u2463\u2464\u2466"}, {"id": "ref-for-relying-party\u2463\u2464\u2467"}], "title": "14.6.3. Privacy leak via credential IDs"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2464\u2468"}], "title": "15. Accessibility Considerations"}, {"refs": [{"id": "ref-for-relying-party\u2463\u2465\u24ea"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['webauthn-relying-party'] = {"dfnID": "webauthn-relying-party", "url": "#webauthn-relying-party", "dfnText": "WebAuthn Relying Party", "refSections": [{"refs": [{"id": "ref-for-webauthn-relying-party\u2460"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462"}], "title": "1.3.1. Registration"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463"}], "title": "1.3.2. Registration Specifically with User-Verifying Platform Authenticator"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464"}], "title": "2.3. WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2465"}, {"id": "ref-for-webauthn-relying-party\u2466"}, {"id": "ref-for-webauthn-relying-party\u2467"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2468"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u24ea"}], "title": "5.1. PublicKeyCredential Interface"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2461"}], "title": "5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential\u2019s [[Get]](options) Method"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2462"}], "title": "5.1.7. Availability of User-Verifying Platform Authenticator - PublicKeyCredential\u2019s isUserVerifyingPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2463"}], "title": "5.1.8. Availability of a passkey platform authenticator - PublicKeyCredential\u2019s isPasskeyPlatformAuthenticatorAvailable() Method"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2464"}], "title": "5.1.9. Deserialize Registration ceremony options - PublicKeyCredential\u2019s parseCreationOptionsFromJSON() Method"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2465"}], "title": "5.1.10. Deserialize Authentication ceremony options - PublicKeyCredential\u2019s parseRequestOptionsFromJSON() Methods"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2466"}], "title": "5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2467"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2460\u2468"}], "title": "5.4.1. Public Key Entity Description (dictionary PublicKeyCredentialEntity)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u24ea"}], "title": "5.4.4. Authenticator Selection Criteria (dictionary AuthenticatorSelectionCriteria)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2460"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2461"}], "title": "5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2462"}], "title": "5.8.4. Authenticator Transport Enumeration (enum AuthenticatorTransport)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2463"}], "title": "5.8.6. User Verification Requirement Enumeration (enum UserVerificationRequirement)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2464"}], "title": "5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2465"}], "title": "6. WebAuthn Authenticator Model"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2466"}], "title": "6.1. Authenticator Data"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2467"}], "title": "6.1.1. Signature Counter Considerations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2461\u2468"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u24ea"}, {"id": "ref-for-webauthn-relying-party\u2462\u2460"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2461"}], "title": "8.4. Android Key Attestation Statement Format"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2462"}], "title": "8.7. None Attestation Statement Format"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2463"}], "title": "9. WebAuthn Extensions"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2464"}], "title": "9.2. Defining Extensions"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2465"}], "title": "9.3. Extending Request Parameters"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2466"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2467"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2462\u2468"}], "title": "10.1.3. Credential Properties Extension (credProps)"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u24ea"}], "title": "12.2. WebAuthn Attestation Statement Format Identifier Registrations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2460"}, {"id": "ref-for-webauthn-relying-party\u2463\u2461"}], "title": "12.3. WebAuthn Extension Identifier Registrations Updates"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2462"}, {"id": "ref-for-webauthn-relying-party\u2463\u2463"}], "title": "12.4. WebAuthn Extension Identifier Registrations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2464"}], "title": "13. Security Considerations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2465"}], "title": "13.1. Credential ID Unsigned"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2466"}], "title": "13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2467"}], "title": "13.4.1. Security Benefits for WebAuthn Relying Parties"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2463\u2468"}], "title": "13.4.4. Attestation Limitations"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u24ea"}], "title": "14.1. De-anonymization Prevention Measures"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u2460"}], "title": "14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u2461"}], "title": "14.3. Authenticator-local Biometric Recognition"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u2462"}], "title": "14.5.1. Registration Ceremony Privacy"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u2463"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-webauthn-relying-party\u2464\u2464"}], "title": "14.6.2. Username Enumeration"}], "external": false}; window.dfnpanelData['web-application'] = {"dfnID": "web-application", "url": "#web-application", "dfnText": "web application", "refSections": [{"refs": [{"id": "ref-for-web-application\u2460"}], "title": "1. Introduction"}, {"refs": [{"id": "ref-for-web-application\u2461"}, {"id": "ref-for-web-application\u2462"}], "title": "1.1. Specification Roadmap"}, {"refs": [{"id": "ref-for-web-application\u2463"}], "title": "11. User Agent Automation"}, {"refs": [{"id": "ref-for-web-application\u2464"}], "title": "12.4. WebAuthn Extension Identifier Registrations"}, {"refs": [{"id": "ref-for-web-application\u2465"}], "title": "13. Security Considerations"}], "external": false}; window.dfnpanelData['relying-party-identifier'] = {"dfnID": "relying-party-identifier", "url": "#relying-party-identifier", "dfnText": "Relying Party Identifier", "refSections": [{"refs": [{"id": "ref-for-relying-party-identifier"}, {"id": "ref-for-relying-party-identifier\u2460"}, {"id": "ref-for-relying-party-identifier\u2461"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-relying-party-identifier\u2462"}], "title": "5. Web Authentication API"}, {"refs": [{"id": "ref-for-relying-party-identifier\u2463"}], "title": "6.3.5. The silentCredentialDiscovery operation"}], "external": false}; @@ -11369,7 +11372,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['dom-publickeycredentialcreationoptions-user'] = {"dfnID": "dom-publickeycredentialcreationoptions-user", "url": "#dom-publickeycredentialcreationoptions-user", "dfnText": "user", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2460"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2461"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2462"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2463"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2464"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2465"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-user\u2466"}], "title": "13.4.6. Credential Loss and Key Mobility"}], "external": false}; window.dfnpanelData['dom-publickeycredentialcreationoptions-challenge'] = {"dfnID": "dom-publickeycredentialcreationoptions-challenge", "url": "#dom-publickeycredentialcreationoptions-challenge", "dfnText": "challenge", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-challenge"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-challenge\u2460"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-challenge\u2461"}], "title": "7.1. Registering a New Credential"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-challenge\u2462"}], "title": "10.2.2.2. Extension Definition"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-challenge\u2463"}], "title": "13.4.3. Cryptographic Challenges"}], "external": false}; window.dfnpanelData['dom-publickeycredentialcreationoptions-pubkeycredparams'] = {"dfnID": "dom-publickeycredentialcreationoptions-pubkeycredparams", "url": "#dom-publickeycredentialcreationoptions-pubkeycredparams", "dfnText": "pubKeyCredParams", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-pubkeycredparams"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-pubkeycredparams\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-pubkeycredparams\u2461"}], "title": "5.2.1.1. Easily accessing credential data"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-pubkeycredparams\u2462"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-pubkeycredparams\u2463"}], "title": "7.1. Registering a New Credential"}], "external": false}; -window.dfnpanelData['dom-publickeycredentialcreationoptions-timeout'] = {"dfnID": "dom-publickeycredentialcreationoptions-timeout", "url": "#dom-publickeycredentialcreationoptions-timeout", "dfnText": "timeout", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2460"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2461"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2462"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2463"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['dom-publickeycredentialcreationoptions-timeout'] = {"dfnID": "dom-publickeycredentialcreationoptions-timeout", "url": "#dom-publickeycredentialcreationoptions-timeout", "dfnText": "timeout", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2460"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2461"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2462"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-timeout\u2463"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['dom-publickeycredentialcreationoptions-excludecredentials'] = {"dfnID": "dom-publickeycredentialcreationoptions-excludecredentials", "url": "#dom-publickeycredentialcreationoptions-excludecredentials", "dfnText": "excludeCredentials", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials\u2460"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials"}], "title": "10.1.2. FIDO AppID Exclusion Extension (appidExclude)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials\u2461"}], "title": "13.4.6. Credential Loss and Key Mobility"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials\u2462"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-excludecredentials\u2463"}], "title": "14.5.1. Registration Ceremony Privacy"}], "external": false}; window.dfnpanelData['dom-publickeycredentialcreationoptions-authenticatorselection'] = {"dfnID": "dom-publickeycredentialcreationoptions-authenticatorselection", "url": "#dom-publickeycredentialcreationoptions-authenticatorselection", "dfnText": "authenticatorSelection", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2460"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2461"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2462"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2463"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2464"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2465"}, {"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2466"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2467"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2468"}], "title": "5.4.6. Resident Key Requirement Enumeration (enum ResidentKeyRequirement)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-authenticatorselection\u2460\u24ea"}], "title": "10.1.5. Large blob storage extension (largeBlob)"}], "external": false}; window.dfnpanelData['dom-publickeycredentialcreationoptions-hints'] = {"dfnID": "dom-publickeycredentialcreationoptions-hints", "url": "#dom-publickeycredentialcreationoptions-hints", "dfnText": "hints", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-hints"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialcreationoptions-hints\u2460"}], "title": "5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"}], "external": false}; @@ -11403,7 +11406,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['dom-attestationconveyancepreference-enterprise'] = {"dfnID": "dom-attestationconveyancepreference-enterprise", "url": "#dom-attestationconveyancepreference-enterprise", "dfnText": "enterprise", "refSections": [{"refs": [{"id": "ref-for-dom-attestationconveyancepreference-enterprise"}, {"id": "ref-for-dom-attestationconveyancepreference-enterprise\u2460"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-attestationconveyancepreference-enterprise\u2461"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-dom-attestationconveyancepreference-enterprise\u2462"}], "title": "5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"}, {"refs": [{"id": "ref-for-dom-attestationconveyancepreference-enterprise\u2463"}], "title": "6.3.2. The authenticatorMakeCredential Operation"}, {"refs": [{"id": "ref-for-dom-attestationconveyancepreference-enterprise\u2464"}], "title": "6.3.3. The authenticatorGetAssertion Operation"}], "external": false}; window.dfnpanelData['dictdef-publickeycredentialrequestoptions'] = {"dfnID": "dictdef-publickeycredentialrequestoptions", "url": "#dictdef-publickeycredentialrequestoptions", "dfnText": "PublicKeyCredentialRequestOptions", "refSections": [{"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions"}], "title": "5.1.2. CredentialRequestOptions Dictionary Extension"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2461"}, {"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2462"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2463"}, {"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2464"}, {"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2465"}, {"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2466"}], "title": "5.1.10. Deserialize Authentication ceremony options - PublicKeyCredential\u2019s parseRequestOptionsFromJSON() Methods"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2467"}, {"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2468"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u24ea"}], "title": "5.8.1.2. Limited Verification Algorithm"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u2460"}], "title": "6.5. Attestation"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u2461"}], "title": "7. WebAuthn Relying Party Operations"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u2462"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u2463"}], "title": "13.4.3. Cryptographic Challenges"}, {"refs": [{"id": "ref-for-dictdef-publickeycredentialrequestoptions\u2460\u2464"}], "title": "14.6.2. Username Enumeration"}], "external": false}; window.dfnpanelData['dom-publickeycredentialrequestoptions-challenge'] = {"dfnID": "dom-publickeycredentialrequestoptions-challenge", "url": "#dom-publickeycredentialrequestoptions-challenge", "dfnText": "challenge", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-challenge\u2461"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge\u2462"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-challenge\u2463"}], "title": "13.4.3. Cryptographic Challenges"}], "external": false}; -window.dfnpanelData['dom-publickeycredentialrequestoptions-timeout'] = {"dfnID": "dom-publickeycredentialrequestoptions-timeout", "url": "#dom-publickeycredentialrequestoptions-timeout", "dfnText": "timeout", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2461"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2462"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2463"}], "title": "15. Accessibility Considerations"}], "external": false}; +window.dfnpanelData['dom-publickeycredentialrequestoptions-timeout'] = {"dfnID": "dom-publickeycredentialrequestoptions-timeout", "url": "#dom-publickeycredentialrequestoptions-timeout", "dfnText": "timeout", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2461"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2462"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-timeout\u2463"}], "title": "15.1. Recommended Range for Ceremony Timeouts"}], "external": false}; window.dfnpanelData['dom-publickeycredentialrequestoptions-rpid'] = {"dfnID": "dom-publickeycredentialrequestoptions-rpid", "url": "#dom-publickeycredentialrequestoptions-rpid", "dfnText": "rpId", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-rpid"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-rpid\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-rpid\u2461"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-rpid\u2462"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-rpid\u2463"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-rpid\u2464"}], "title": "10.1.1. FIDO AppID Extension (appid)"}], "external": false}; window.dfnpanelData['dom-publickeycredentialrequestoptions-allowcredentials'] = {"dfnID": "dom-publickeycredentialrequestoptions-allowcredentials", "url": "#dom-publickeycredentialrequestoptions-allowcredentials", "dfnText": "allowCredentials", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2463"}], "title": "4. Terminology"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2464"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2465"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2466"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2467"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2468"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u24ea"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2461"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2462"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2463"}], "title": "5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2464"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2465"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2466"}], "title": "5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2467"}], "title": "6.2.2. Credential Storage Modality"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2460\u2468"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u24ea"}], "title": "7.2. Verifying an Authentication Assertion"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2460"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2461"}], "title": "10.1.1. FIDO AppID Extension (appid)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2462"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2463"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2464"}], "title": "10.1.4. Pseudo-random function extension (prf)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2465"}], "title": "10.1.5. Large blob storage extension (largeBlob)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2466"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2467"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2461\u2468"}], "title": "13.4.7. Unprotected account detection"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u24ea"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2460"}], "title": "14.5.2. Authentication Ceremony Privacy"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2461"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2462"}], "title": "14.6.2. Username Enumeration"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2463"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2464"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2465"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2466"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-allowcredentials\u2462\u2467"}], "title": "14.6.3. Privacy leak via credential IDs"}], "external": false}; window.dfnpanelData['dom-publickeycredentialrequestoptions-userverification'] = {"dfnID": "dom-publickeycredentialrequestoptions-userverification", "url": "#dom-publickeycredentialrequestoptions-userverification", "dfnText": "userVerification", "refSections": [{"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-userverification"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-userverification\u2460"}], "title": "5.1.4.2. Issuing a Credential Request to an Authenticator"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-userverification\u2461"}, {"id": "ref-for-dom-publickeycredentialrequestoptions-userverification\u2462"}], "title": "5.5. Options for Assertion Generation (dictionary PublicKeyCredentialRequestOptions)"}, {"refs": [{"id": "ref-for-dom-publickeycredentialrequestoptions-userverification\u2463"}], "title": "7.2. Verifying an Authentication Assertion"}], "external": false}; @@ -11608,6 +11611,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content window.dfnpanelData['remove-all-credentials'] = {"dfnID": "remove-all-credentials", "url": "#remove-all-credentials", "dfnText": "Remove All Credentials", "refSections": [{"refs": [{"id": "ref-for-remove-all-credentials"}], "title": "11.8. Remove All Credentials"}], "external": false}; window.dfnpanelData['set-user-verified'] = {"dfnID": "set-user-verified", "url": "#set-user-verified", "dfnText": "Set User Verified", "refSections": [{"refs": [{"id": "ref-for-set-user-verified"}], "title": "11.9. Set User Verified"}], "external": false}; window.dfnpanelData['ui-redressing'] = {"dfnID": "ui-redressing", "url": "#ui-redressing", "dfnText": "UI Redressing", "refSections": [{"refs": [{"id": "ref-for-ui-redressing"}], "title": "5.10. Using Web Authentication within iframe elements"}, {"refs": [{"id": "ref-for-ui-redressing\u2460"}], "title": "13.4.2. Visibility Considerations for Embedded Usage"}], "external": false}; +window.dfnpanelData['recommended-range-and-default-for-a-webauthn-ceremony-timeout'] = {"dfnID": "recommended-range-and-default-for-a-webauthn-ceremony-timeout", "url": "#recommended-range-and-default-for-a-webauthn-ceremony-timeout", "dfnText": "recommended range and default for a WebAuthn ceremony timeout", "refSections": [{"refs": [{"id": "ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout"}], "title": "5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout\u2460"}], "title": "5.1.4.1. PublicKeyCredential\u2019s [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) Method"}, {"refs": [{"id": "ref-for-recommended-range-and-default-for-a-webauthn-ceremony-timeout\u2461"}], "title": "13.4.3. Cryptographic Challenges"}], "external": false}; </script> <script>/* Boilerplate: script-dom-helper */ function query(sel) { return document.querySelector(sel); }