rfc8809xml2.original.xml   rfc8809.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "http://xml2rfc.tools.ietf.org/authoring/rfc2629.dtd" [ <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<!ENTITY rfc2119 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.2119.xml">
<!ENTITY rfc5234 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.5234.xml">
<!ENTITY rfc8126 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8126.xml">
<!ENTITY rfc8174 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8174.xml">
]>
<?xml-stylesheet type="text/xsl" href="http://xml2rfc.tools.ietf.org/authoring/r
fc2629.xslt" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="yes" ?>
<?rfc toc="yes" ?>
<?rfc sortrefs="yes" ?>
<?rfc symrefs="yes" ?>
<!-- <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF"
-00a: initial version based on RFC5988 category="info" consensus="true" ipr="trust200902"
-00b: adapt 5988bis per mnot's suggestion: draft-nottingham-rfc5988bis-01 docName="draft-hodges-webauthn-registries-10" number="8809" obsoletes=""
* 'attestation type' -> 'attestation format' updates="" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true"
* updated to latest extension id format, adjusted list of registered ext version="3">
ensions to
match [WebAuthn] editors' draft.
-00c: ?
-00d: Let initial values be in the [WebAuthn] spec, rather than here.
<rfc category="info" ipr="trust200902" docName="draft-hodges-webauthn-registries -10"> <!-- xml2rfc v2v3 conversion 2.45.2 -->
<front> <front>
<title>Registries for Web Authentication (WebAuthn)</title> <title>Registries for Web Authentication (WebAuthn)</title>
<seriesInfo name="RFC" value="8809"/>
<author initials="J." surname="Hodges" fullname="Jeff Hodges"> <author initials="J." surname="Hodges" fullname="Jeff Hodges">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<postal> <postal>
<street>1600 Amphitheater Parkway</street> <street>1600 Amphitheatre Parkway</street>
<city>Mountain View</city> <city>Mountain View</city>
<region>California</region> <region>CA</region>
<code>94043</code> <code>94043</code>
<country>US</country> <country>United States of America</country>
</postal> </postal>
<email>jdhodges@google.com</email> <email>jdhodges@google.com</email>
<uri>https://kingsmountain.com/people/Jeff.Hodges/</uri> <uri>https://kingsmountain.com/people/Jeff.Hodges/</uri>
</address> </address>
</author> </author>
<author fullname="Giridhar Mandyam" initials="G." surname="Mandyam">
<author fullname="Giridhar Mandyam" initials="G.D."
surname="Mandyam">
<organization>Qualcomm Technologies Inc.</organization> <organization>Qualcomm Technologies Inc.</organization>
<address> <address>
<postal> <postal>
<street>5775 Morehouse Drive</street> <street>5775 Morehouse Drive</street>
<city>San Diego</city> <city>San Diego</city>
<region>California</region> <region>CA</region>
<code>92121</code> <code>92121</code>
<country>USA</country> <country>United States of America</country>
</postal> </postal>
<phone>+1 858 651 7200</phone> <phone>+1 858 651 7200</phone>
<email>mandyam@qti.qualcomm.com</email> <email>mandyam@qti.qualcomm.com</email>
</address> </address>
</author> </author>
<author fullname="Michael B. Jones" initials="M." surname="Jones">
<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
<organization abbrev="Microsoft">Microsoft</organization> <organization abbrev="Microsoft">Microsoft</organization>
<address> <address>
<email>mbj@microsoft.com</email> <email>mbj@microsoft.com</email>
<uri>https://self-issued.info/</uri> <uri>https://self-issued.info/</uri>
</address> </address>
</author> </author>
<date month="August" year="2020"/>
<date month="June" year="2020" />
<area>Security</area> <area>Security</area>
<workgroup>W3C WebAuthn Working Group</workgroup> <workgroup>W3C WebAuthn Working Group</workgroup>
<keyword>webauthn</keyword> <keyword>webauthn</keyword>
<keyword>attestation</keyword> <keyword>attestation</keyword>
<keyword>extensions</keyword> <keyword>extensions</keyword>
<keyword>registry</keyword> <keyword>registry</keyword>
<abstract> <abstract>
<t> <t>
This specification defines IANA registries for W3C Web Authentication This specification defines IANA registries for W3C Web Authentication (W ebAuthn)
attestation statement format identifiers and extension identifiers. attestation statement format identifiers and extension identifiers.
</t> </t>
</abstract> </abstract>
<note title="Note to Readers">
<t><spanx style="emph">RFC EDITOR: please remove this section before publication
</spanx></t>
<t>This is a work-in-progress.</t>
<t>The issues list can be found at
<eref target="https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+labe
l%3Aspec%3Awebauthn-registries">
https://github.com/w3c/webauthn/issues?q=is%3Aopen+is%3Aissue+label%3Aspec%3Aweb
authn-registries
</eref>.</t>
<t>The most recent _published_ draft revision is at
<eref target="https://tools.ietf.org/html/draft-hodges-webauthn-registries">
https://tools.ietf.org/html/draft-hodges-webauthn-registries</eref>.</t>
<t>The editors&apos; draft is at
<eref target="https://github.com/w3c/webauthn/blob/master/draft-hodges-webauthn-
registries.txt">
https://github.com/w3c/webauthn/blob/master/draft-hodges-webauthn-registries.txt
</eref></t>
<t>Changes in the editors&apos; draft, both proposed and incorporated, are liste
d at
<eref target="https://github.com/w3c/webauthn/pulls?q=is%3Apr+label%3Aspec%3Aweb
authn-registries">
https://github.com/w3c/webauthn/pulls?q=is%3Apr+label%3Aspec%3Awebauthn-registri
es
</eref></t>
</note>
</front> </front>
<middle> <middle>
<section anchor="Introduction" title="Introduction"> <section anchor="Introduction" numbered="true" toc="default">
<name>Introduction</name>
<t> <t>
This specification establishes IANA registries for W3C Web Authenticatio This specification establishes IANA registries for W3C Web
n <xref Authentication <xref target="WebAuthn" format="default"/> attestation
target="WebAuthn"/> attestation statement format identifiers and extensi statement format identifiers and extension identifiers. The initial
on identifiers. values for these registries are in the IANA Considerations section of
The initial values for these registries are in the IANA Considerations the <xref target="WebAuthn" format="default"/> specification.
section of the <xref target="WebAuthn"/> specification.
</t> </t>
<section anchor="rnc" numbered="true" toc="default">
<section anchor="rnc" title="Requirements Notation and Conventions"> <name>Requirements Notation and Conventions</name>
<t> <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"OPTIONAL" in this document are to be interpreted as described in "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document
only when, they appear in all capitals, as shown here. are to be interpreted as described in BCP 14 <xref target="RFC2119"
</t> format="default"/> <xref target="RFC8174" format="default"/> when, and
only when, they appear in all capitals, as shown here.</t>
</section> </section>
</section> </section>
<section anchor="sctn-iana-cons" numbered="true" toc="default">
<section title="IANA Considerations" anchor="sctn-iana-cons"> <name>IANA Considerations</name>
<t> <t>This specification establishes two registries:</t>
This specification establishes two registries: <ul spacing="normal">
<list style="symbols"> <li>the "WebAuthn Attestation Statement Format Identifiers" registry
<t> (see <xref target="sctn-attstn-format-registry"
the "WebAuthn Attestation Statement Format Identifier" registry; see format="default"/>)</li>
<xref target="sctn-attstn-format-registry"/>. <li>the "WebAuthn Extension Identifiers" registry (see <xref
</t> target="sctn-extension-ident-registry" format="default"/>)</li>
<t> </ul>
the "WebAuthn Extension Identifier" registry; <t>Any additional processes established by the expert(s) after the
see <xref target="sctn-extension-ident-registry" />. publication of this document will be recorded on the registry web page
</t> at the discretion of the expert(s).</t>
</list> <section anchor="sctn-attstn-format-registry" numbered="true" toc="default
</t> ">
<t> <name>WebAuthn Attestation Statement Format Identifiers Registry</name>
[[ Per discussions in an email thread between the authors and IANA ( "[IA
NA #1154148]" ),
it is requested that the registries be located at
&lt;https://www.iana.org/assignments/webauthn&gt;.
RFC Editor - please delete this request after the registries have been cr
eated. ]]
</t>
<t>
Any additional processes established by the expert(s) after the publicati
on of this document
will be recorded on the registry Web page at the expert(s)' discretion.
</t>
<section title="WebAuthn Attestation Statement Format Identifier Registry"
anchor="sctn-attstn-format-registry">
<t> <t>
WebAuthn attestation statement format identifiers are strings whose se mantic, syntactic, WebAuthn attestation statement format identifiers are strings whose se mantic, syntactic,
and string-matching criteria are specified in <xref target="WebAuthn"/ > and string-matching criteria are specified in the
<eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn -attstn-fmt-ids"> <eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn -attstn-fmt-ids">
"Attestation Statement Format Identifiers"</eref>, "Attestation Statement Format Identifiers"</eref> section of <xref tar get="WebAuthn" format="default"/>,
along with the concepts of attestation and attestation statement forma ts. along with the concepts of attestation and attestation statement forma ts.
</t> </t>
<t> <t>
Registered attestation statement format identifiers are those that hav e been added to the Registered attestation statement format identifiers are those that hav e been added to the
registry by following the procedure in registry by following the procedure in
<xref target="sctn-registering-attstn-format-idents"/>. <xref target="sctn-registering-attstn-format-idents" format="default"/
</t> >.
<t>
Each attestation statement format identifier added to this registry MU
ST be unique amongst
the set of registered attestation statement format identifiers.
</t>
<t>
Registered attestation statement format identifiers MUST be a maximum
of 32 octets in length
and MUST consist only of printable ASCII <xref target="RFC20"/> charac
ters, excluding backslash and doublequote,
i.e., VCHAR as defined in <xref target="RFC5234"/> but without %x22 an
d %x5c.
Attestation statement format identifiers are case sensitive
and may not match other registered identifiers in a
case-insensitive manner unless the Designated Experts determine that t
here is a compelling
reason to allow an exception.
</t> </t>
<t>Each attestation statement format identifier added to this registry
<section title="Registering Attestation Statement Format Identifiers" <bcp14>MUST</bcp14> be unique amongst the set of registered
anchor="sctn-registering-attstn-format-idents"> attestation statement format identifiers.</t>
<t> <t>Registered attestation statement format identifiers
WebAuthn attestation statement format identifiers are registered usi <bcp14>MUST</bcp14> be a maximum of 32 octets in length and
ng the <bcp14>MUST</bcp14> consist only of printable ASCII <xref
Specification Required policy (see Section 4.6 of <xref target="RFC8 target="RFC0020" format="default"/> characters, excluding backslash
126"/>). and double quote, i.e., VCHAR as defined in <xref target="RFC5234"
</t> format="default"/> but without %x22 and %x5c. Attestation statement
format identifiers are case sensitive and may not match other
registered identifiers in a case-insensitive manner unless the
designated experts determine that there is a compelling reason to
allow an exception.</t>
<section anchor="sctn-registering-attstn-format-idents" numbered="true"
toc="default">
<name>Registering Attestation Statement Format Identifiers</name>
<t>WebAuthn attestation statement format identifiers are registered
using the Specification Required policy (see <xref target="RFC8126"
section="4.6" sectionFormat="of"/>).</t>
<t> <t>
The WebAuthn attestation statement format identifiers registry is lo The "WebAuthn Attestation Statement Format Identifiers" registry is
cated at located at
<eref target="https://www.iana.org/assignments/webauthn">https://www <eref target="https://www.iana.org/assignments/webauthn" brackets="a
.iana.org/assignments/webauthn</eref>. ngle"/>.
Registration requests can be made by following the instructions loca Registration requests can be made by following the instructions loca
ted there, or by ted there or by
sending an e-mail to the webauthn-reg-review@ietf.org mailing list. sending an email to the webauthn-reg-review@ietf.org mailing list.
</t> </t>
<t>
Registration requests consist of at least the following information: <t> Registration requests consist of at least the following informatio
<list style="symbols" > n:</t>
<t> <dl newline="true">
WebAuthn Attestation Statement Format Identifier: <dt>WebAuthn Attestation Statement Format Identifier:</dt>
<vspace/> <dd>An identifier meeting the requirements given in
An identifier meeting the requirements given above in <xref target="sctn-attstn-format-registry"
<xref target="sctn-attstn-format-registry"/>. format="default"/>.</dd>
</t> <dt>Description:</dt>
<t> <dd>A relatively short description of the attestation format.</d
Description: d>
<vspace/> <dt>Specification Document(s):</dt>
A relatively short description of the attestation format. <dd>Reference to the document or documents that specify the
</t> attestation statement format.</dd>
<t> <dt>Change Controller:</dt>
Specification Document(s): <dd>For Standards Track RFCs, list "IETF". For others, give the
<vspace/> name of the
Reference to the document or documents that specify the attestat
ion statement format.
</t>
<t>
Change Controller:
<vspace/>
For Standards Track RFCs, list the "IETF". For others, give the
name of the
responsible party. Other details (e.g., postal address, email ad dress, home page responsible party. Other details (e.g., postal address, email ad dress, home page
URI) may also be included. URI) may also be included.</dd>
</t> <dt>Notes:</dt>
<t> <dd>[optional]</dd>
Notes: </dl>
<vspace/>
[optional] <t>Registrations <bcp14>MUST</bcp14> reference a freely available,
</t> stable specification, e.g., as described in <xref target="RFC8126"
</list> section="4.6" sectionFormat="of"/>. This specification
</t> <bcp14>MUST</bcp14> include security and privacy considerations
<t> relevant to the attestation statement format.</t>
Registrations MUST reference a freely available, stable specificatio
n, e.g., as
described in Section 4.6 of <xref target="RFC8126"/>.
This specification MUST include security and privacy considerations
relevant to the attestation statement format.
</t>
<t> <t>
Note that WebAuthn attestation statement format identifiers can be r egistered by third Note that WebAuthn attestation statement format identifiers can be r egistered by third
parties (including the expert(s) themselves), if the expert(s) deter mine that an parties (including the expert(s) themselves), if the expert(s) deter mines that an
unregistered attestation statement format is widely deployed and not likely to be unregistered attestation statement format is widely deployed and not likely to be
registered in a timely manner otherwise. registered in a timely manner otherwise.
Such registrations still are subject to the requirements defined, in cluding the need to Such registrations still are subject to the requirements defined, in cluding the need to
reference a specification. reference a specification.
</t> </t>
</section> </section>
<section anchor="sctn-registering-attstn-format-idents-processing"
<section title="Registration Request Processing" numbered="true" toc="default">
anchor="sctn-registering-attstn-format-idents-processing"> <name>Registration Request Processing</name>
<t> <t>
As noted in <xref target="sctn-registering-attstn-format-idents"/>, As noted in <xref target="sctn-registering-attstn-format-idents" for mat="default"/>,
WebAuthn attestation statement format identifiers are registered usi ng the WebAuthn attestation statement format identifiers are registered usi ng the
Specification Required policy. Specification Required policy.
</t> </t>
<t> <t>
The expert(s) will clearly identify any issues that cause a registra tion to be refused, The expert(s) will clearly identify any issues that cause a registra tion to be refused,
such as an incompletely specified attestation format. such as an incompletely specified attestation format.
</t> </t>
<t> <t>
When a request is approved, the expert(s) will inform IANA, and the registration will When a request is approved, the expert(s) will inform IANA, and the registration will
be processed. be processed.
The IESG is the arbiter of any objection. The IESG is the arbiter of any objection.
</t> </t>
</section> </section>
<section anchor="sctn-attstn-format-registry-values" numbered="true" toc
<section title="Initial WebAuthn Attestation Statement Format Identifier ="default">
Registry Values" <name>Initial Values in the WebAuthn Attestation Statement Format Iden
anchor="sctn-attstn-format-registry-values"> tifiers Registry</name>
<t> <t>
The initial values for the WebAuthn Attestation Statement Format Ide The initial values for the "WebAuthn Attestation Statement Format
ntifier Registry are Identifiers" registry have been
to be populated from the values listed in populated with the values listed in the
<eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sc tn-att-fmt-reg"> <eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sc tn-att-fmt-reg">
"WebAuthn Attestation Statement Format Identifier Registrations"</er "WebAuthn Attestation Statement Format Identifier
ef> Registrations"</eref> section
of <xref target="WebAuthn"/>. of <xref target="WebAuthn" format="default"/>.
Also, the Change Controller entry to be used for each of those regist Also, the Change Controller entry for each of those registrations is:
rations is:
<list style='symbols'>
<t>
Change Controller: W3C Web Authentication Working Group - public&
#8209;webauthn@w3.org
</t>
</list>
</t> </t>
<dl newline="true">
<dt>Change Controller:</dt>
<dd> W3C Web Authentication Working Group (public&nbhy;webauthn@w3.org)
</dd>
</dl>
</section> </section>
</section>
</section> <!-- Attestation Statement Format Identifier Registry --> <section anchor="sctn-extension-ident-registry" numbered="true" toc="defau
lt">
<section title="WebAuthn Extension Identifier Registry" <name>WebAuthn Extension Identifiers Registry</name>
anchor="sctn-extension-ident-registry">
<t> <t>
WebAuthn extension identifiers are strings whose semantic, syntactic, WebAuthn extension identifiers are strings whose semantic, syntactic,
and string-matching criteria are specified in <xref target="WebAuthn"/ > and string-matching criteria are specified in the
<eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn -extension-id"> <eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn -extension-id">
"Extension Identifiers" </eref>. "Extension Identifiers" </eref> section of <xref target="WebAuthn" for mat="default"/>.
</t> </t>
<t> <t>
Registered extension identifiers are those that have been added to the Registered extension identifiers are those that have been added to the
registry by following the procedure in registry by following the procedure in
<xref target="sctn-registering-extension-idents"/>. <xref target="sctn-registering-extension-idents" format="default"/>.
</t> </t>
<t> <t>
Each extension identifier added to this registry MUST be unique Each extension identifier added to this registry <bcp14>MUST</bcp14> b e unique
amongst the set of registered extension identifiers. amongst the set of registered extension identifiers.
</t> </t>
<t> <t>Registered extension identifiers <bcp14>MUST</bcp14> be a maximum
Registered extension identifiers MUST be a maximum of 32 octets in len of 32 octets in length and <bcp14>MUST</bcp14> consist only of
gth and MUST printable ASCII characters, excluding backslash and double quote,
consist only of printable ASCII characters, excluding backslash and do i.e., VCHAR as defined in <xref target="RFC5234" format="default"/>
ublequote, but without %x22 and %x5c. Extension identifiers are case sensitive
i.e., VCHAR as defined in <xref target="RFC5234"/> but without %x22 an and may not match other registered identifiers in a case-insensitive
d %x5c. manner unless the designated experts determine that there is a
Extension identifiers are case sensitive compelling reason to allow an exception.</t>
and may not match other registered identifiers in a case-insensitive m <section anchor="sctn-registering-extension-idents" numbered="true" toc=
anner "default">
unless the Designated Experts determine that there is a compelling rea <name>Registering Extension Identifiers</name>
son <t>WebAuthn extension identifiers are registered using the
to allow an exception. Specification Required policy (see <xref target="RFC8126"
</t> section="4.6" sectionFormat="of"/>).</t>
<t>The "WebAuthn Extension Identifiers" registry is located at <eref
<section title="Registering Extension Identifiers" target="https://www.iana.org/assignments/webauthn"
anchor="sctn-registering-extension-idents"> brackets="angle"/>. Registration requests can be made by following
<t> the instructions located there or by sending an email to the
WebAuthn extension identifiers registry are registered using the webauthn-reg-review@ietf.org mailing list.</t>
Specification Required policy (see Section 4.6 of <xref target="RFC8 <t>Registration requests consist of at least the following information:<
126"/>). /t>
</t> <dl newline="true">
<t> <dt>WebAuthn Extension Identifier:</dt>
The WebAuthn extension identifiers registry is located at <dd>An identifier meeting the requirements given in
https://www.iana.org/assignments/webauthn. <xref target="sctn-extension-ident-registry"
Registration requests can be made by following the instructions loca format="default"/>.</dd>
ted there, or by <dt>Description:</dt>
sending an e-mail to the webauthn-reg-review@ietf.org mailing list. <dd>A relatively short description of the extension.</dd>
</t> <dt>Specification Document(s):</dt>
<t> <dd>Reference to the document or documents that specify the exte
Registration requests consist of at least the following information: nsion.</dd>
<list style="symbols" > <dt>Change Controller:</dt>
<t> <dd>For Standards Track RFCs, list "IETF". For others, give the
WebAuthn Extension Identifier: name of the
<vspace/>
An identifier meeting the requirements given above in
<xref target="sctn-extension-ident-registry"/>.
</t>
<t>
Description:
<vspace/>
A relatively short description of the extension.
</t>
<t>
Specification Document(s):
<vspace/>
Reference to the document or documents that specify the extensio
n.
</t>
<t>
Change Controller:
<vspace/>
For Standards Track RFCs, list the "IETF". For others, give the
name of the
responsible party. Other details (e.g., postal address, email ad dress, home page responsible party. Other details (e.g., postal address, email ad dress, home page
URI) may also be included. URI) may also be included.</dd>
</t> <dt>Notes:</dt>
<t> <dd>[optional]</dd>
Notes: </dl>
<vspace/> <t>Registrations <bcp14>MUST</bcp14> reference a freely available,
[optional] stable specification, e.g., as described in <xref target="RFC8126"
</t> section="4.6" sectionFormat="of"/>. This specification
</list> <bcp14>MUST</bcp14> include security and privacy considerations
</t> relevant to the extension.</t>
<t> <t>Note that WebAuthn extensions can be registered by third parties
Registrations MUST reference a freely available, stable specificatio (including the expert(s) themselves), if the expert(s) determines
n, e.g., as that an unregistered extension is widely deployed and not likely to
described in Section 4.6 of <xref target="RFC8126"/>. be registered in a timely manner otherwise. Such registrations still
This specification MUST include security and privacy considerations are subject to the requirements defined, including the need to
relevant to the extension. reference a specification.</t>
</t>
<t>
Note that WebAuthn extensions can be registered by third parties
(including the expert(s) themselves), if the expert(s) determine tha
t an unregistered extension is widely deployed and not likely to be
registered in a timely manner otherwise.
Such registrations still are subject to the requirements defined, in
cluding the need to
reference a specification.
</t>
</section> <!-- Registering Extension Identifiers -->
<section title="Registration Request Processing" </section>
anchor="sctn-registering-extension-idents-processing">
<section anchor="sctn-registering-extension-idents-processing" numbered=
"true" toc="default">
<name>Registration Request Processing</name>
<t> <t>
As noted in <xref target="sctn-registering-extension-idents"/>, As noted in <xref target="sctn-registering-extension-idents" format= "default"/>,
WebAuthn extension identifiers are registered using the WebAuthn extension identifiers are registered using the
Specification Required policy. Specification Required policy.
</t> </t>
<t> <t>
The expert(s) will clearly identify any issues that cause a registra tion to be refused, The expert(s) will clearly identify any issues that cause a registra tion to be refused,
such as an incompletely specified extension. such as an incompletely specified extension.
</t> </t>
<t> <t>
When a request is approved, the expert(s) will inform IANA, and the registration will When a request is approved, the expert(s) will inform IANA, and the registration will
be processed. be processed.
The IESG is the arbiter of any objection. The IESG is the arbiter of any objection.
</t> </t>
</section> </section>
<section anchor="sctn-extension-ident-registry-values" numbered="true" t
<section title="Initial WebAuthn Extension Identifier Registry Values" oc="default">
anchor="sctn-extension-ident-registry-values"> <name>Initial Values in the WebAuthn Extension Identifiers Registry</n
ame>
<t> <t>
The initial values for the WebAuthn Extension Identifier Registry are The initial values for the "WebAuthn Extension Identifiers"
to be populated from the values listed in registry have been
populated with the values listed in the
<eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sct n-extensions-reg"> <eref target="https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sct n-extensions-reg">
"WebAuthn Extension Identifier Registrations"</eref> "WebAuthn Extension Identifier Registrations"</eref> section
of <xref target="WebAuthn"/>. of <xref target="WebAuthn" format="default"/>.
Also, the Change Controller entry to be used for each of those regist Also, the Change Controller entry for each of those registrations is:
rations is:
<list style='symbols'>
<t>
Change Controller: W3C Web Authentication Working Group - public&
#8209;webauthn@w3.org
</t>
</list>
</t> </t>
</section> <dl newline="true">
<dt>Change Controller:</dt>
</section> <!-- Extension Identifier Registry --> <dd> W3C Web Authentication Working Group (public&nbhy;webauthn@w3.or
g)</dd>
</section> <!-- IANA Cons --> </dl>
<section anchor="Security" title="Security Considerations"> </section>
<t> </section>
See <xref target="WebAuthn"/> for relevant security considerations.
</t>
</section>
<section anchor="Acknowledgements" title="Acknowledgements">
<t>
Thanks to Mark Nottingham
for valuable comments and suggestions.
Thanks to Kathleen Moriarty and Benjamin Kaduk for their Area Director s
ponsorship
of this specification.
Thanks to
Amanda Baber,
Sarah Banks,
Alissa Cooper,
Roman Danyliw,
Murray Kucherawy,
Paul Kyzivat,
Barry Leiba,
Hilarie Orman,
Magnus Westerlund,
and Robert Wilton for their reviews.
</t>
</section> </section>
<section anchor="sctn-history" title="Document History"> <section anchor="Security" numbered="true" toc="default">
<t>[[ to be removed by the RFC Editor before publication as an RFC ]]</t> <name>Security Considerations</name>
<t>See <xref target="WebAuthn" format="default"/> for relevant security
<t> considerations.</t>
-10
<list style="symbols">
<t>
Changed IESG to IETF in Change Controller instructions, per suggestio
n by Magnus Westerlund.
</t>
</list>
</t>
<t>
-09
<list style="symbols">
<t>
Added Change Controller fields to registries, per suggestion by Magnu
s Westerlund.
</t>
<t>
Applied editorial suggestions by Amanda Baber, Murray Kucherawy, and
Barry Leiba.
</t>
</list>
</t>
<t>
-08
<list style="symbols">
<t>
Addressed review feedback by Murray Kucherawy.
</t>
<t>
Added BCP 14 Requirements Notation and Conventions section.
</t>
<t>
Referenced RFC 20, which defines ASCII characters.
</t>
<t>
Applied editorial cleanups.
</t>
</list>
</t>
<t>
-07
<list style="symbols">
<t>
Removed a duplicate URI listing pointed out by Hilarie Orman.
</t>
</list>
</t>
<t>
-06
<list style="symbols">
<t>
Addressed Gen-Art review comments by Paul Kyzivat by deleting text ab
out designated experts defining additional registry fields.
</t>
<t>
Addressed Ops-Dir review comments by Sarah Banks by deleting text tha
t duplicated requirements already specified in RFC 8126.
</t>
<t>
Addressed Security review comments by Hilarie Orman by deleting unnec
essary text about attestation statement formats lacking complete specifications.
</t>
<t>
Replaced uses of the URL https://www.w3.org/TR/webauthn/ with https:/
/www.w3.org/TR/2019/REC-webauthn-1-20190304/
so that the reference remains stable after the level 2 WebAuthn spec
ification is published.
</t>
</list>
</t>
<t>
-05
<list style="symbols">
<t>
Updated to address the solicited IANA review comments,
per discussions in an email thread between the authors and IANA ( "[I
ANA #1154148]" ).
</t>
</list>
</t>
<t>
-04
<list style="symbols">
<t>
Update per Benjamin Kaduk's further AD review:
Remove 'final' wrt IESG arbitrating objections; Add explicit
requirement for extension or attestation specs to include
security and privacy considerations.
</t>
<t>
Update per IANA review: Move "IANA considerations section up in doc
to encompass (former) sections 2 and 3.
</t>
</list>
</t>
<t>
-03
<list style="symbols">
<t>
Update per Benjamin Kaduk's AD review. Align with RFC 8288, rather t
han
draft-nottingham-rfc5988bis.
</t>
</list>
</t>
<t>
-02
<list style="symbols">
<t>
Refresh now that the WebAuthn spec is at Recommendation (REC) maturi
ty level.
</t>
</list>
</t>
<t>
-01
<list style="symbols">
<t>
Refresh now that the WebAuthn Committee Recommendation (CR) draft is
pending.
</t>
</list>
</t>
<t>
-00
<list style="symbols">
<t>
Initial version, based on draft-nottingham-rfc5988bis.
</t>
</list>
</t>
</section> </section>
</middle> </middle>
<back> <back>
<references title="Normative References">
&rfc2119;
&rfc5234;
&rfc8126;
&rfc8174;
<reference anchor="RFC20" target="http://www.rfc-editor.org/info/rfc20"> <displayreference target="RFC0020" to="RFC20"/>
<front>
<title>ASCII format for Network Interchange</title> <references>
<author fullname="Vint Cerf" surname="Cerf" initials="V.">
<organization>University California Los Angeles (UCLA)</organization> <name>Normative References</name>
</author> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
<date month="October" year="1969"/> ce.RFC.2119.xml"/>
</front> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
<seriesInfo name="STD" value="80"/> ce.RFC.5234.xml"/>
<seriesInfo name="RFC" value="20"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
</reference> ce.RFC.8126.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.8174.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.0020.xml"/>
<reference anchor="WebAuthn" target="https://www.w3.org/TR/2019/REC-webaut hn-1-20190304/"> <reference anchor="WebAuthn" target="https://www.w3.org/TR/2019/REC-webaut hn-1-20190304/">
<front> <front>
<title>Web Authentication: An API for accessing Public Key Credentials </title> <title>Web Authentication: An API for accessing Public Key Credentials </title>
<seriesInfo name="World Wide Web Consortium (W3C)" value="Recommendati on"/>
<author initials="D." surname="Balfanz" fullname="Dirk Balfanz"> <author initials="D." surname="Balfanz" fullname="Dirk Balfanz">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<email>balfanz@google.com</email> <email>balfanz@google.com</email>
</address> </address>
</author> </author>
<author initials="A." surname="Czeskis" fullname="Alexei Czeskis"> <author initials="A." surname="Czeskis" fullname="Alexei Czeskis">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<email>aczeskis@google.com</email> <email>aczeskis@google.com</email>
</address> </address>
</author> </author>
<author initials="J." surname="Hodges" fullname="Jeff Hodges"> <author initials="J." surname="Hodges" fullname="Jeff Hodges">
<organization>PayPal</organization> <organization>PayPal</organization>
<address> <address>
<email>jdhodges@google.com</email> <email>jdhodges@google.com</email>
</address> </address>
</author> </author>
<author initials="J.C." surname="Jones" fullname="J.C. Jones"> <author initials="J.C." surname="Jones" fullname="J.C. Jones">
<organization>Mozilla</organization> <organization>Mozilla</organization>
<address> <address>
<email>jc@mozilla.com</email> <email>jc@mozilla.com</email>
</address> </address>
</author> </author>
<author initials="M." surname="Jones" fullname="Michael B. Jones">
<author initials="M.B." surname="Jones" fullname="Michael B. Jones">
<organization>Microsoft</organization> <organization>Microsoft</organization>
<address> <address>
<email>mbj@microsoft.com</email> <email>mbj@microsoft.com</email>
<uri>http://self-issued.info/</uri> <uri>http://self-issued.info/</uri>
</address> </address>
</author> </author>
<author initials="A." surname="Kumar" fullname="Akshay Kumar"> <author initials="A." surname="Kumar" fullname="Akshay Kumar">
<organization>Microsoft</organization> <organization>Microsoft</organization>
<address> <address>
<email>akshayku@microsoft.com</email> <email>akshayku@microsoft.com</email>
</address> </address>
</author> </author>
<author initials="A." surname="Liao" fullname="Angelo Liao"> <author initials="A." surname="Liao" fullname="Angelo Liao">
<organization>Microsoft</organization> <organization>Microsoft</organization>
<address> <address>
<email>huliao@microsoft.com</email> <email>huliao@microsoft.com</email>
</address> </address>
</author> </author>
<author initials="R." surname="Lindemann" fullname="Rolf Lindemann"> <author initials="R." surname="Lindemann" fullname="Rolf Lindemann">
<organization>Nok Nok Labs</organization> <organization>Nok Nok Labs</organization>
<address> <address>
<email>rolf@noknok.com</email> <email>rolf@noknok.com</email>
</address> </address>
</author> </author>
<author initials="E." surname="Lundberg" fullname="Emil Lundberg"> <author initials="E." surname="Lundberg" fullname="Emil Lundberg">
<organization>Yubico</organization> <organization>Yubico</organization>
<address> <address>
<email>emil@yubico.com</email> <email>emil@yubico.com</email>
</address> </address>
</author> </author>
<date month="March" day="4" year="2019"/>
<date month="March" day="4" year="2019" />
</front> </front>
<seriesInfo name="World Wide Web Consortium (W3C)" value="Recommendation
" />
<format type="HTML" target="https://www.w3.org/TR/2019/REC-webauthn-1-20
190304/" />
</reference> </reference>
</references> </references>
<section anchor="Acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<t>Thanks to <contact fullname="Mark Nottingham"/> for valuable comments
and suggestions. Thanks to <contact fullname="Kathleen Moriarty"/> and
<contact fullname="Benjamin Kaduk"/> for their Area Director sponsorship
of this specification. Thanks to <contact fullname="Amanda Baber"/>,
<contact fullname="Sarah Banks"/>, <contact fullname="Alissa Cooper"/>,
<contact fullname="Roman Danyliw"/>, <contact fullname="Murray
Kucherawy"/>, <contact fullname="Paul Kyzivat"/>, <contact
fullname="Barry Leiba"/>, <contact fullname="Hilarie Orman"/>, <contact
fullname="Magnus Westerlund"/>, and <contact fullname="Robert Wilton"/>
for their reviews.</t>
</section>
</back> </back>
</rfc> </rfc>
 End of changes. 72 change blocks. 
546 lines changed or deleted 246 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/