Registries for Web Authentication (WebAuthn)
RFC 8809

Document Type RFC - Informational (August 2020; No errata)
Last updated 2020-08-07
Stream IETF
Formats plain text html xml pdf htmlized bibtex
Reviews
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 8809 (Informational)
Consensus Boilerplate Yes
Telechat date
Responsible AD Benjamin Kaduk
Send notices to (None)
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack


Internet Engineering Task Force (IETF)                         J. Hodges
Request for Comments: 8809                                        Google
Category: Informational                                       G. Mandyam
ISSN: 2070-1721                               Qualcomm Technologies Inc.
                                                                M. Jones
                                                               Microsoft
                                                             August 2020

              Registries for Web Authentication (WebAuthn)

Abstract

   This specification defines IANA registries for W3C Web Authentication
   (WebAuthn) attestation statement format identifiers and extension
   identifiers.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are candidates for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8809.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Notation and Conventions
   2.  IANA Considerations
     2.1.  WebAuthn Attestation Statement Format Identifiers Registry
       2.1.1.  Registering Attestation Statement Format Identifiers
       2.1.2.  Registration Request Processing
       2.1.3.  Initial Values in the WebAuthn Attestation Statement
               Format Identifiers Registry
     2.2.  WebAuthn Extension Identifiers Registry
       2.2.1.  Registering Extension Identifiers
       2.2.2.  Registration Request Processing
       2.2.3.  Initial Values in the WebAuthn Extension Identifiers
               Registry
   3.  Security Considerations
   4.  Normative References
   Acknowledgements
   Authors' Addresses

1.  Introduction

   This specification establishes IANA registries for W3C Web
   Authentication [WebAuthn] attestation statement format identifiers
   and extension identifiers.  The initial values for these registries
   are in the IANA Considerations section of the [WebAuthn]
   specification.

1.1.  Requirements Notation and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  IANA Considerations

   This specification establishes two registries:

   *  the "WebAuthn Attestation Statement Format Identifiers" registry
      (see Section 2.1)

   *  the "WebAuthn Extension Identifiers" registry (see Section 2.2)

   Any additional processes established by the expert(s) after the
   publication of this document will be recorded on the registry web
   page at the discretion of the expert(s).

2.1.  WebAuthn Attestation Statement Format Identifiers Registry

   WebAuthn attestation statement format identifiers are strings whose
   semantic, syntactic, and string-matching criteria are specified in
   the "Attestation Statement Format Identifiers"
   (https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn-attstn-fmt-
   ids) section of [WebAuthn], along with the concepts of attestation
   and attestation statement formats.

   Registered attestation statement format identifiers are those that
   have been added to the registry by following the procedure in
   Section 2.1.1.

   Each attestation statement format identifier added to this registry
   MUST be unique amongst the set of registered attestation statement
   format identifiers.

   Registered attestation statement format identifiers MUST be a maximum
   of 32 octets in length and MUST consist only of printable ASCII
   [RFC20] characters, excluding backslash and double quote, i.e., VCHAR
   as defined in [RFC5234] but without %x22 and %x5c.  Attestation
Show full document text