Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revised txAuthSimple extension #2022

Open
rlin1 opened this issue Feb 14, 2024 · 1 comment · May be fixed by #2020
Open

Revised txAuthSimple extension #2022

rlin1 opened this issue Feb 14, 2024 · 1 comment · May be fixed by #2020
Assignees
@rlin1
Labels
@Risk Items that are at risk for L3 stat:Blocked Prerequisites are not yet satisfied type:technical
Milestone
Futures (catch-all)

Comments

@rlin1
Copy link
Contributor

rlin1 commented Feb 14, 2024

With the original txAuthSimple extension included in WebAuthn-Level 1 (https://www.w3.org/TR/webauthn-1/#sctn-simple-txauth-extension), authenticator could display transaction text.

With secure payment confirmation (SPC) the browser can be used to show payment details and use an authenticator to approve the payment. But there is no way to show and approve non-payment transactions.

The challenge is to ensure the transaction text was visible to the user and to return evidence of this to the RP.

Proposed Change

The revised txAuthSimple extension allows the browser or the authenticator to display the transaction text (string) and reflect that in the WebAuthn assertion. The previous version (included in WebAuthn-Level 1) always required the authenticator to display it - practically preventing traditional security keys to be used in such context).

Exemplary use cases are:
a) ability to move money from account to another
b) share health data with hospitals
@rlin1
Copy link
Contributor Author

rlin1 commented Feb 14, 2024

See PR #2020

@rlin1 rlin1 linked a pull request Feb 14, 2024 that will close this issue
Open
@rlin1 rlin1 self-assigned this Feb 14, 2024
@rlin1 rlin1 linked a pull request Feb 14, 2024 that will close this issue
Improved version of extension for Transaction Confirmation #2020
Open
@ianbjacobs ianbjacobs mentioned this issue Apr 22, 2024
Closed
@nadalin nadalin added the stat:Blocked Prerequisites are not yet satisfied label May 1, 2024
@nadalin nadalin added the @Risk Items that are at risk for L3 label Oct 30, 2024
@nadalin nadalin added this to the Futures (catch-all) milestone Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rlin1 rlin1

Labels
@Risk Items that are at risk for L3 stat:Blocked Prerequisites are not yet satisfied type:technical
Projects
None yet
Milestone
Futures (catch-all)
Development

Successfully merging a pull request may close this issue.

Improved version of extension for Transaction Confirmation w3c/webauthn
2 participants
@rlin1 @nadalin