Support FIDO MDS v3 #10

Merged


santiagorodriguez96
Contributor

Summary

Attempts to fix #7. Following this comment, dropped v2 in favor of v3.

Overall, the changes are:

  • Now all the metadata comes as one BLOB file – there's no need to download multiple TOC files anymore. The entries of the BLOB file now contain a metadataStatement key which contains the metadata object.
  • A token is no longer needed to access MDS.
  • Updated root certificate - downloaded from https://mds.fidoalliance.org/.
  • Changes to Metadata Statement:
    • authenticationAlgorithms and publicKeyAlgAndEncodings replaced authenticationAlgorithm and publicKeyAlgAndEncoding respectively.
    • assertionScheme, operatingEnv, isSecondFactorOnly fields were removed.
    • schema and authenticatorGetInfo fields were added.
    • attestationTypes, userVerificationDetails, keyProtection, matcherProtection, attachmentHint, tcDisplay numerical fields became string.

References

@santiagorodriguez96
Contributor Author

@bdewater it seems that the changes released in v0.4.0 were not merged into main. I've already fixed the conflicts on an alternative branch in case you decide to merge them 🙂

- Now all the metadata comes as one BLOB file – there's no need to download multiple TOC files anymore.
- A token is no longer needed to access MDS.
- Updated root certificate - downloaded from https://mds.fidoalliance.org/.
- Changes to Metadata Statement:
    - authenticationAlgorithms and publicKeyAlgAndEncodings replaced authenticationAlgorithm and publicKeyAlgAndEncoding respectively.
    - assertionScheme, operatingEnv, isSecondFactorOnly fields were removed.
    - schema and authenticatorGetInfo fields were added.
    - attestationTypes, userVerificationDetails, keyProtection, matcherProtection, attachmentHint, tcDisplay numerical fields became string.
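
An added example, not part of this pull request or of the gem's code: one way a consumer could read metadata statements from the single v3 BLOB payload and handle `keyProtection` in both the v3 string form and the old v2 numeric bit-field form. All method and constant names here are hypothetical, the payload is constructed, and the bit values are taken from the FIDO Registry of Predefined Values; signature verification of the BLOB against the root certificate is assumed to have happened before this code runs.

```ruby
# FIDO registry bit flags for the v2 numeric keyProtection field, mapped to
# the string names that MDS v3 metadata statements use instead.
KEY_PROTECTION_V2_BITS = {
  0x0001 => "software",
  0x0002 => "hardware",
  0x0004 => "tee",
  0x0008 => "secure_element",
  0x0010 => "remote_handle",
}.freeze

# Returns keyProtection as a list of strings, whether the statement carries
# the v3 form (array of strings) or the v2 form (integer bit field).
def key_protection(statement)
  value = statement["keyProtection"]
  case value
  when Array   then value.map(&:to_s)
  when Integer then KEY_PROTECTION_V2_BITS.select { |bit, _| (value & bit) != 0 }.values
  else []
  end
end

# Builds an AAGUID => metadataStatement index from a decoded BLOB payload.
# Assumes the caller has already verified the BLOB signature against the
# pinned root certificate. Entries without an AAGUID are skipped.
def index_statements(payload)
  payload.fetch("entries").each_with_object({}) do |entry, index|
    statement = entry["metadataStatement"]
    index[entry["aaguid"]] = statement if entry["aaguid"] && statement
  end
end

# Policy check written against v3 strings; a comparison against the old
# numeric constants would never match a v3 statement.
def hardware_backed?(statement)
  key_protection(statement).include?("hardware")
end

# Constructed sample payload, not real MDS data.
SAMPLE_PAYLOAD = {
  "no" => 1,
  "entries" => [
    { "aaguid" => "00000000-0000-0000-0000-000000000001",
      "metadataStatement" => { "schema" => 3, "attestationTypes" => ["basic_full"],
                               "keyProtection" => ["hardware", "secure_element"] } },
    { "aaguid" => "00000000-0000-0000-0000-000000000002",
      "metadataStatement" => { "schema" => 3, "keyProtection" => ["software"] } },
    { "aaid" => "0000#0001",
      "metadataStatement" => { "schema" => 3, "keyProtection" => ["hardware"] } },
  ],
}.freeze
```
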
@bdewater
Owner

bdewater commented Oct 4, 2023

Thank you so much! I'll try to get to this and the other open PRs by end of week.

@bdewater bdewater merged commit 43feaa3 into bdewater:main Oct 29, 2023
8 checks passed
@bdewater
Owner

Thanks again and sorry for the delay! I can cut an RC release for cedarcode/webauthn-ruby#407 if that helps.

@santiagorodriguez96
Contributor Author

That would be great! Thank you! ❤️

@santiagorodriguez96 santiagorodriguez96 deleted the sr--support-FIDO-metadata-msd3 branch November 3, 2023 17:23
@santiagorodriguez96
Contributor Author

> Thanks again and sorry for the delay! I can cut an RC release for cedarcode/webauthn-ruby#407 if that helps.

@bdewater Hi! Hope you’re doing well! Just bumping this up in case it fell through the cracks :)

Development

Successfully merging this pull request may close these issues.

Support FIDO metadata service version 3 for attestations