Announcement: New "evaluationType" field in the SafetyNet Attestation API
瀏覽次數:668 次
跳到第一則未讀訊息
SafetyNet API Clients
2021年2月15日 凌晨4:10:462021/2/15
收件者:SafetyNet API Clients
Hi,
In May 2020, we shared a feature preview of a new optional “evaluationType” field in the JWS response.
We are excited to announce that we have adjusted the “ctsProfileMatch” and “basicIntegrity” calculation logic to incorporate hardware-backed checks where applicable, leading to an improved resilience against advanced attacks. We also graduated the “evaluationType” field, which is now officially supported and can be relied upon.
The changes to the “ctsProfileMatch” and “basicIntegrity” calculations should be transparent. No action is required, just enjoy the increased resilience.
Most users should continue to rely on “ctsProfileMatch” and “basicIntegrity”. For a small class of apps that already require “ctsProfileMatch” and wish to enforce the highest levels of security, even at the cost of limiting their user base, the “evaluationType” field will assist with setting the required bar.
We have published official documentation for the “evaluationType” field to describe its possible values. We strongly encourage you to read this documentation before using the field.
We encourage you to use our feedback form based on your experience with this new feature as well as the overall service.
Regards,
SafetyNet API Clients Team
In May 2020, we shared a feature preview of a new optional “evaluationType” field in the JWS response.
We are excited to announce that we have adjusted the “ctsProfileMatch” and “basicIntegrity” calculation logic to incorporate hardware-backed checks where applicable, leading to an improved resilience against advanced attacks. We also graduated the “evaluationType” field, which is now officially supported and can be relied upon.
The changes to the “ctsProfileMatch” and “basicIntegrity” calculations should be transparent. No action is required, just enjoy the increased resilience.
Most users should continue to rely on “ctsProfileMatch” and “basicIntegrity”. For a small class of apps that already require “ctsProfileMatch” and wish to enforce the highest levels of security, even at the cost of limiting their user base, the “evaluationType” field will assist with setting the required bar.
We have published official documentation for the “evaluationType” field to describe its possible values. We strongly encourage you to read this documentation before using the field.
We encourage you to use our feedback form based on your experience with this new feature as well as the overall service.
Regards,
SafetyNet API Clients Team
回覆所有人
回覆作者
轉寄
0 則新訊息