Hi,
In May 2020, we shared a
feature preview of a new optional “evaluationType” field in the JWS response.
We are excited to announce that we have adjusted the “ctsProfileMatch” and “basicIntegrity” calculation logic to incorporate hardware-backed checks where applicable, leading to an improved resilience against advanced attacks. We also graduated the “evaluationType” field, which is now
officially supported and can be relied upon.
The changes to the “ctsProfileMatch” and “basicIntegrity” calculations should be transparent. No action is required, just enjoy the increased resilience.
Most users should continue to rely on “ctsProfileMatch” and “basicIntegrity”. For a small class of apps that
already require “ctsProfileMatch” and wish to enforce the highest levels of security, even at the cost of limiting their user base, the “evaluationType” field will assist with setting the required bar.
We have published
official documentation for the “evaluationType” field to describe its possible values. We strongly encourage you to read this documentation before using the field.
We encourage you to use our
feedback form based on your experience with this new feature as well as the overall service.
Regards,
SafetyNet API Clients Team