Google Passkey AAGUID

[Zhao Bin]

Hi

Recently we found that Google Passkey's AAGUID has been changed to ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4. It used to be all 000s. 

May I know how Android changed it? Is it by Android OS update where certain OS still use 000xxx and newer ones use ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4? Or by a Google Play service update?

It is also documented in https://github.com/passkeydeveloper/passkey-authenticator-aaguids/blob/main/aaguid.json

Thank you.

Best Regards

Zhao Bin

[Adam Langley]

Google Password Manager is implemented in Play Services and it was a Play Services update.

 

Cheers

AGL

[My1]

Thanks that it does have a AAGUID now tho, as that helps services to identify this as a google Passkey, and tell that to the User. is (or will) this be visible in fido Metadata or can only attestable things appear there? because Passkeys likely still are without attestation to the surprise of no one.

Regards.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b833e89f-5f22-47cd-a83f-ca49ffa53ac4n%40fidoalliance.org.

[John Bradley]

Uncertified authenticators are allowed in the MDS.  That is not a problem.  It is up to Google to decide if they want to list it.

In my opinion all authenticators that report AAGUID should be in the MDS so that people who use it don’t need to go digging around in multiple locations.

John B.

To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CACHSkNo%3DMwBSohcv3VNNaEyh%3Dr53OB36ck3SS1bwQDg3yNSy%3Dw%40mail.gmail.com.

[Xavier CHAPRON]

Hello,

Uncertified authenticators are allowed in the MDS.  That is not a problem.  It is up to Google to decide if they want to list it.

In my opinion all authenticators that report AAGUID should be in the MDS so that people who use it don’t need to go digging around in multiple locations.

That's interesting. Do you have any pointer on the procedure to get an authentificator listed in the MDS?

Thanks,

Xavier Chapron

To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CA90C382-5C8F-41F0-9A28-A49AEC79D576%40ve7jtb.com.

---

Les informations contenues dans ce message électronique ainsi que celles contenues dans les documents attachés sont strictement confidentielles et sont destinées à l'usage exclusif du (des) destinataire(s) nommé(s).

Toute divulgation, distribution ou reproduction, même partielle, en est strictement interdite sauf autorisation écrite et expresse de l’émetteur.

Si vous recevez ce message par erreur, veuillez le notifier immédiatement à son émetteur par retour, et le détruire ainsi que tous les documents qui y sont attachés.

The information contained in this email and in any document enclosed is strictly confidential and is intended solely for the use of the individual or entity to which it is addressed.

Partial or total disclosure, distribution or reproduction of its contents is strictly prohibited unless expressly approved in writing by the sender.

If you have received this communication in error, please notify us immediately by responding to this email, and then delete the message and its attached files from your system.

---

[DUBOUCHER Thomas]

THALES GROUP LIMITED DISTRIBUTION to email recipients

 

Hi Xavier,

 

As far as I remember, you’ll simply need to register to https://mymds.fidoalliance.org/.

 

You don’t need to be a FIDO Alliance member, but you may need to be registered as a vendor.

 

Best regards,

 

--

Thomas Duboucher

To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAKrwiPh9Ri6FQb9ksG19%3Djw_0A%2BEkD5Y5kB09O8k3Tiyi4TUCw%40mail.gmail.com.