Interoperability metadata statements v2 and v3


Mattia Zago

Jul 13, 2022, 11:08:03 AM
to FIDO Dev (fido-dev)

Hello,

For interoperability reasons, we are implementing a converter between v2 and v3.

We have the following questions.

 Thank you in advance,

Regards!

 

 

Question 1:

In the metadata v2 there is a field denoted as "operatingEnv" [1] which states:

> Description of the particular operating environment that is used for the Authenticator. These are specified in [2].

In v3 [3], however, it seems that this field has been entirely removed. Is this correct?

 If it is correct, and the "operatingEnv" key has been removed in V3, which default value should we use when converting from a metadata V3 to a metadata V2?

 Refs:

[1] https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html#widl-MetadataStatement-operatingEnv

[2] https://fidoalliance.org/specs/fido-security-requirements-v1.1-fd-20171108/fido-authenticator-allowed-restricted-operating-environments-list-v1.1-fd-20171108.html

[3] https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html

 

==============================

Question 2:

In the metadata v2 there is a field denoted as "isSecondFactorOnly" [1] of type required Boolean, which states:

> Indicates if the authenticator is designed to be used only as a second factor, i.e. requiring some other authentication method as a first factor (e.g. username+password).

 In the examples for v3, this information seems to be still included:

"The Authenticator is a pure second factor authenticator." c.f. example 5.2 U2F [2].

 Could you please indicate where this information is in the metadata statement? Is it implied as a constraint from another field?

 

A comparison of the v3 examples 5.1 and 5.2, where only the second one is said to be a pure second factor.

[Attached image: table.png]

Refs:

[1] https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html#widl-MetadataStatement-isSecondFactorOnly

[2] https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html#u2f-example

[3] https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html#uaf-example

 

==============================

Question 3:

 

In the metadata v2 there is a field denoted "userVerificationDetails" [1] which is required to be a list of "VerificationMethodDescriptor" [2].

 The same exists for metadata v3 [3,4]

 Going into detail in V3 "userVerification", a field of "VerificationMethodDescriptor", presents values [5] that are not present in V2 [6]: the values are `USER_VERIFY_PASSCODE_EXTERNAL 0x00000800` and `USER_VERIFY_PATTERN_EXTERNAL 0x00001000`.

Which default value should we use if we want to convert the missing values?

 Refs:

[1] https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html#widl-MetadataStatement-userVerificationDetails

[2] https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-statement-v2.0-rd-20180702.html#idl-def-VerificationMethodDescriptor

[3] https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html#dom-metadatastatement-userverificationdetails

[4] https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html#dictdef-verificationmethoddescriptor

[5] https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#user-verification-methods

[6] https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-registry-v2.0-rd-20180702.html#user-verification-methods

 


Thank you again, 

best regards

--

Dr. Ing. MATTIA ZAGO, PhD

Solutions Architect

Monokee s.r.l.

 

 +39 049 29 70 297 ·  +39 345 08 04 389  www.monokee.com ·  Via Zenti Fortunato, 8 – Rovereto (TN) 
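
A converter can report the three gaps raised in the questions above instead of filling them silently, so that a relying party never trusts a guessed security property. The sketch below is an added example, not code from the thread or from the FIDO Alliance; the function names, the `userVerificationMethod` key and the lowercase method strings are assumptions, and the sample statement is constructed.

```python
import json

# The two constants the post identifies as present in v3 but absent from v2.
V3_ONLY_UV = {
    "passcode_external": 0x00000800,  # USER_VERIFY_PASSCODE_EXTERNAL
    "pattern_external": 0x00001000,   # USER_VERIFY_PATTERN_EXTERNAL
}
# v2 fields for which the post finds no counterpart in v3.
V2_ONLY_FIELDS = ("operatingEnv", "isSecondFactorOnly")


def v3_only_method(descriptor):
    """Return the v3-only method name used by a descriptor, or None."""
    # Assumption: the method is either a string name or a numeric flag.
    method = descriptor.get("userVerificationMethod",
                            descriptor.get("userVerification"))
    for name, value in V3_ONLY_UV.items():
        if method == name or (isinstance(method, int) and method & value):
            return name
    return None


def downgrade_report(v3_statement):
    """List (path, reason) pairs that a v3 -> v2 conversion cannot express."""
    findings = []
    for field in V2_ONLY_FIELDS:
        if field not in v3_statement:
            findings.append((field, "required in v2, no source in v3 input"))
    # userVerificationDetails is a list of alternatives, each a list of
    # VerificationMethodDescriptor entries that must all be satisfied.
    for i, combo in enumerate(v3_statement.get("userVerificationDetails", [])):
        for j, desc in enumerate(combo):
            name = v3_only_method(desc)
            if name:
                path = f"userVerificationDetails[{i}][{j}]"
                findings.append((path, f"{name} has no v2 registry value"))
    return findings


# Constructed sample statement, not taken from the metadata service.
SAMPLE_V3 = json.loads("""{
  "description": "Constructed sample authenticator", "schema": 3,
  "userVerificationDetails": [
    [{"userVerificationMethod": "presence_internal"}],
    [{"userVerificationMethod": "passcode_external"}],
    [{"userVerification": 4096}]
  ]
}""")

if __name__ == "__main__":
    for path, reason in downgrade_report(SAMPLE_V3):
        print(f"{path}: {reason}")
```
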


Mayra Morales Silva

Jul 13, 2022, 2:06:33 PM
to Mattia Zago, FIDO Dev (fido-dev)
Please, STOP BOTHERING ME WITH FIDO MAILINGS... I AM NOT AT ALL INTERESTED IN THIS INFORMATION... I DO NOT WANT TO RECEIVE ANYTHING FROM FIDO. I AM NOT INTERESTED IN KNOWING ANYTHING ABOUT THIS INFORMATION, PLEASE. AND FORGIVE ME, BUT WHAT INTERESTS A PERSON IS CHOSEN BY THAT PERSON, NOT IMPOSED ON THEM; IT IS THE PERSON WHO SELECTS AND CHOOSES IT. I AM A JOURNALIST AND WRITER, AND I KNOW PERFECTLY WELL what interests me and what does not. I would appreciate it. Warm regards. Mayi.


Ackermann Yuriy

Jul 13, 2022, 2:24:28 PM
to Mattia Zago, FIDO Dev (fido-dev)
Hey Mattia.

I wrote a blog about it last year:


Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand


Emil Lundberg

Jul 13, 2022, 4:12:55 PM
to Mayra Morales Silva, Mattia Zago, FIDO Dev (fido-dev)
Hi Mayra,
You can unsubscribe from the fido-dev Google group here: https://groups.google.com/a/fidoalliance.org/g/fido-dev/membership

You can unsubscribe from the fido-dev Google group here: https://groups.google.com/a/fidoalliance.org/g/fido-dev/membership (translated by Google)

Emil Lundberg

Software Engineer | Yubico
