Bug 181948

Summary: [WebAuthN] Add token binding ID into CollectedClientData
Product: WebKit Reporter: Jiewen Tan <jiewen_tan>
Component: WebCore Misc.Assignee: pascoe <pascoe>
Status: RESOLVED WONTFIX    
Severity: Normal CC: alex.gaynor, dwaite, jiewen_tan, jonathan, jschoi, loginllama, pascoe, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 181943    

Jiewen Tan
Reported 2018-01-22 13:49:55 PST
Add token binding ID into CollectedClientData.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-08-15 17:07:13 PDT
<rdar://problem/43357285>
login Llama
Comment 2 2020-07-02 11:49:36 PDT
For reference Token Binding is required by NIST in SP800-63B https://pages.nist.gov/800-63-3/sp800-63b.html To meet the Verifier Impersonation resistance requirement for authentication at AAL3.
David Waite
Comment 3 2021-10-05 17:06:32 PDT
Post-level 2 PR removing TokenBinding. https://github.com/w3c/webauthn/pull/1630
Note You need to log in before you can comment on or make changes to this bug.