FIDO2: Transport binding profile missing an IDL

24 views
Skip to first unread message

Dani Mező

unread,
Jun 29, 2021, 5:27:13 AMJun 29
to FIDO Dev (fido-dev)
Hi devs, Yuriy,

I am looking at the transport binding profile intended for FIDO2 servers, this document (which I believe is the newest version of it): https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-server-v2.0-rd-20180702.html

On several occasions it references an object named ServerAuthenticatorResponse.
For example:
"Note that the ServerAuthenticatorAttestationResponse extends the generic ServerAuthenticatorResponse, which is described in the Common section below."

This object however is never defined in the document, the Common section only defines ServerResponse which I believe is a different one.

Could anybody explain how that object looks like / adapt the specification to contain it?

Cheers, Daniel



Ackermann Yuriy

unread,
Jun 29, 2021, 6:30:26 AMJun 29
to Dani Mező, FIDO Dev (fido-dev)
Hey Dani.


Regards. Yuriy

Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand


--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/c180f7a2-b393-41b4-9578-45658c19c136n%40fidoalliance.org.

Dani Mező

unread,
Jun 29, 2021, 7:34:33 AMJun 29
to FIDO Dev (fido-dev), Ackermann Yuriy, FIDO Dev (fido-dev), Dani Mező
Hi Yuriy,

Thank you for the response, I am now looking at that document instead, but the object in question (ServerAuthenticatorResponse) isn't defined there either.
How it should look like?

Cheers, Daniel

Ackermann Yuriy

unread,
Jun 29, 2021, 7:39:06 AMJun 29
to Dani Mező, FIDO Dev (fido-dev)
ServerAuthenticatorResponse is either a ServerAuthenticatorAttestationResponse or ServerAuthenticatorAssertionResponse.

From the doc: "with response field set to ServerAuthenticatorAttestationResponse. Note that the ServerAuthenticatorAttestationResponse extends the generic ServerAuthenticatorResponse"


Screen Shot 2021-06-29 at 15.37.41.png

And further down there is information on ServerAuthenticatorAssertionResponse

Regards. Yuriy

Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand

Dani Mező

unread,
Jun 29, 2021, 7:44:50 AMJun 29
to Ackermann Yuriy, FIDO Dev (fido-dev)
Yes, I understood that. What I am saying is that 

"Note that the ServerAuthenticatorAttestationResponse extends the generic ServerAuthenticatorResponse."

There is nothing to extend. The ServerAuthenticatorResponse does not exist according to this spec - it is never defined. Or is it supposed to be an empty object?

Cheers, Daniel

Ackermann Yuriy

unread,
Jun 29, 2021, 8:39:38 AMJun 29
to Dani Mező, FIDO Dev (fido-dev)
Yes, ServerAuthenticatorResponse is just a generic object.

You can see this from the example request.

Regards. Yuriy

Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand

Reply all
Reply to author
Forward
0 new messages