[webauthn] Provide request deserialization, response serialization (#1683)

dwaite has just created a new issue for https://github.com/w3c/webauthn:

== Provide request deserialization, response serialization ==
The addition of `ArrayBuffer` in the WebAuthn APIs has been an often-cited challenge for relying party developers, as JavaScript does not have integration for converting such buffers to text for serialization via JSON. JSON itself is not necessarily the best format because of the binary content, including for items like extensions.

I'd like to propose deserialization of request forms of PublicKeyCredential as well as serialization of the response forms of PublicKeyCredential.

To do this, I would propose a serialization based on a schema (such as CBOR and CDDL) covering the options valid for a PublicKeyCredential. CBOR data is preferred because of the need to preserve the binary signed messages, and due to several internal values being declared as binary identifiers or as CBOR. 

Additionally, convenience methods to work in terms of a base64-encoded form of the CBOR data would be desirable for use in text-based APIs.

As deserialization would result in a PublicKeyCredential object, JavaScript would still have full fidelity to inspect and possibly manipulate before making a create() or get() request. Likewise, JavaScript would have the ability to inspect the response object before serializing it to share with a remote service.

Deserialization for responses and serialization of requests would both be more difficult due to the possibility of arbitrary manipulation by the user and responses having methods in addition to data.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1683 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 15 November 2021 23:26:16 UTC
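
The `ArrayBuffer`-to-JSON gap described in the issue, as an added example that is not part of the original message or of the WebAuthn specification: hand-written base64url helpers of the kind relying parties write today, using JSON rather than the CBOR form the issue proposes. The function names are hypothetical and the sample values are constructed.

```javascript
// Added example: hypothetical helper names, constructed sample values.
function b64urlEncode(buf) {
  let bin = "";
  for (const b of new Uint8Array(buf)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function b64urlDecode(str) {
  // Reject anything outside the unpadded base64url alphabet up front.
  if (!/^[A-Za-z0-9_-]*$/.test(str) || str.length % 4 === 1) {
    throw new TypeError("not valid base64url");
  }
  const padded = str + "=".repeat((4 - (str.length % 4)) % 4);
  const bin = atob(padded.replace(/-/g, "+").replace(/_/g, "/"));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0)).buffer;
}

// JSON from the relying party -> options for navigator.credentials.create()
function creationOptionsFromJSON(json) {
  return {
    ...json,
    challenge: b64urlDecode(json.challenge),
    user: { ...json.user, id: b64urlDecode(json.user.id) },
    excludeCredentials: (json.excludeCredentials || []).map(
      (c) => ({ ...c, id: b64urlDecode(c.id) })),
  };
}

// PublicKeyCredential-shaped registration result -> JSON-safe object
function attestationToJSON(cred) {
  return {
    id: cred.id,
    rawId: b64urlEncode(cred.rawId),
    type: cred.type,
    response: {
      clientDataJSON: b64urlEncode(cred.response.clientDataJSON),
      attestationObject: b64urlEncode(cred.response.attestationObject),
    },
  };
}

// Constructed sample of what a relying party might send as JSON.
const sampleOptionsJSON = {
  rp: { name: "Example RP" },
  user: { id: "dXNlci0x", name: "alice", displayName: "Alice" },
  challenge: "AQIDBAUGBwg",
  pubKeyCredParams: [{ type: "public-key", alg: -7 }],
};
console.log(JSON.stringify(creationOptionsFromJSON(sampleOptionsJSON).challenge)); // {}
```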