[webauthn] Backup state of credentials (#1692)

• From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
• Date: Tue, 25 Jan 2022 17:37:17 +0000
• To: public-webauthn@w3.org
• Message-ID: <issues.opened-1114179123-1643132235-sysbot+gh@w3.org>

akshayku has just created a new issue for https://github.com/w3c/webauthn:

== Backup state of credentials ==
With recent multi-device passkeys concept for backup and recovery purposes and the desire to remove passwords from the account, we need to provide signal to the RP that it can go ahead and remove passwords. 

This is a refinement of original proposal of "durable" flags in https://github.com/w3c/webauthn/issues/1637#issue-935187400

`dpk`, as per current definition in the WebAuthn PR https://github.com/w3c/webauthn/pull/1663 is that it is just another key which is device bound. It does not tell whether primary credential is device bound or not. 

Windows current thinking is that if and when we implement multi-device backup, user will be given a choice of whether they want these credentials to be backed-up or not at registration time. User may also have ability to choose sync/backup state in the future depending on various factors like access to sync/backup fabric etc. and it's properties. Which means that backup state of the credential can change over time. And RP should be able to determine what is happening from the authenticator responses. 

There are two possible solution around this. 
1. ### Extension: "backup-state"
    - The extension tells RP about the backup state the credential.
    - ### Need
        - Existing devices which does not support backup and newer devices which may support backup needs to coexist.
        - RP also needs to distinguish between device bound key vs non-device bound key in certain situations.
        - RP needs to know in which state the credential is in so that it can offer removal of password from the account.
        - User will be offered choice on certain platforms and authenticators where user may transition from unbacked-up state to backup-state or vice-versa.
        - Hence the value is dynamic in nature if backup is supported by the authenticator.
    - ### Applicability
        - Both at credential.create() as well credential.get()
    - ### Values
        - BACKUP_NOT_APPLICABLE
           - Credential created is device bound and does not support backup now or in future.
           - All existing credentials created are in this state.
           - Device-public-key extension is not returned in this state.
           - Default state if extension is not returned
        - BACKUP_NOT_CONFIGURED
           - Credential is not configured to be backed-up at this time but may be configured in future.
           - Device-public-key extension should be returned in this state.
        - BACKUP_IN_PROGRESS
           - Device-public-key extension should be returned in this state.
           - Typically in credential.create() stage where credential has just been created and not yet synced but should be synced shortly.
        - BACKUP_COMPLETED
           - Device-public-key extension should be returned in this state.

2. ### Authenticator Flags (as proposed by @ve7jtb)
    - Single Device 0 / multi-device capable 1
    - Not backed up 0 / backed up 1

cc @agl / @equalsJeffH / @timcappalli 

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1692 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 25 January 2022 17:37:19 UTC