From 1e28d5b42e2d71a0ccfa23e5ecb4a8553c1f2671 Mon Sep 17 00:00:00 2001
From: Eiji Kitamura
Date: Tue, 25 Jun 2024 19:08:54 +0900
Subject: [PATCH 1/2] Add Google documents
---
 content/docs/demos-examples/demos.md | 3 ++-
 content/docs/guides/_index.md | 9 +++++++
 content/docs/guides/codelabs.md | 17 +++++++++++++
 content/docs/guides/developer-guides.md | 33 +++++++++++++++++++++++++
 content/docs/reference/terms/index.md | 16 ++++++++++++
 5 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 content/docs/guides/_index.md
 create mode 100644 content/docs/guides/codelabs.md
 create mode 100644 content/docs/guides/developer-guides.md
diff --git a/content/docs/demos-examples/demos.md b/content/docs/demos-examples/demos.md
index 529eaf48..92af4c43 100644
--- a/content/docs/demos-examples/demos.md
+++ b/content/docs/demos-examples/demos.md
@@ -2,7 +2,7 @@
 title: "Demo Sites & Services"
 description: "Sites and services to demo passkeys"
 lead: "Sites and services to demo passkeys"
-date: 2023-09-19T16:45:00.148Z
+date: 2024-06-25T16:45:00.148Z
 draft: false
 images: []
 menu:
@@ -24,3 +24,4 @@ These demo sites have been created and are maintained by FIDO2/WebAuthn vendors
 - [passkeys.guru (Descope)](https://passkeys.guru/)
 - [passkey.org (Yubico)](https://passkey.org)
 - [패스키 체험 (SK Telecom)](https://www.passkey-sktelecom.com/experience)
+- [try-webauthn.appspot.com (Google)](https://try-webauthn.appspot.com/)
diff --git a/content/docs/guides/_index.md b/content/docs/guides/_index.md
new file mode 100644
index 00000000..00236177
--- /dev/null
+++ b/content/docs/guides/_index.md
@@ -0,0 +1,9 @@
+---
+title: "Guides"
+description: "Guides for passkeys developers"
+lead: ""
+date: 2024-06-25T16:08:00+09:00
+draft: false
+images: []
+weight: 400
+---
diff --git a/content/docs/guides/codelabs.md b/content/docs/guides/codelabs.md
new file mode 100644
index 00000000..fc377e87
--- /dev/null
+++ b/content/docs/guides/codelabs.md
@@ -0,0 +1,17 @@
+---
+title: "Codelabs"
+description: "Passkeys developer codelabs"
+date: 2024-06-25T16:09:38.358Z
+draft: false
+images: []
+menu:
+ docs:
+ parent: "guides"
+weight: 2001
+toc: true
+---
+
+## Codelabs
+
+*
+*
diff --git a/content/docs/guides/developer-guides.md b/content/docs/guides/developer-guides.md
new file mode 100644
index 00000000..9a430a51
--- /dev/null
+++ b/content/docs/guides/developer-guides.md
@@ -0,0 +1,33 @@
+---
+title: "Developer guides"
+description: "Passkeys developer guides"
+date: 2024-06-25T16:09:38.358Z
+draft: false
+images: []
+menu:
+ docs:
+ parent: "guides"
+weight: 1001
+toc: true
+---
+
+## Server side guides
+
+*
+*
+*
+
+## iOS/iPadOS
+
+*
+
+## Android
+
+*
+
+## Deep dives
+
+*
+*
+*
+*
diff --git a/content/docs/reference/terms/index.md b/content/docs/reference/terms/index.md
index b9cb9e40..b5043083 100644
--- a/content/docs/reference/terms/index.md
+++ b/content/docs/reference/terms/index.md
@@ -22,6 +22,14 @@ A user whose account has [2FA](#2-factor-authentication-2fa) turned on, i.e., wh This refers to a contract between a user and a [Relying Party (RP)](#relying-party-rp) where the RP must collect at least two distinct authentication factors from the user during a [bootstrap](#account-bootstrapping) sign-in. +## Authenticator Attestation Globally Unique Identifier (AAGUID) + +AAGUID is a unique number that identifies the model of the authenticator (not the specific instance of the authenticator). AAGUID can be found as part of a public key credential's authenticator data. RPs can use AAGUID to identify the [passkey provider](#passkey-provider). + + + + + ## Account bootstrapping A [Relying Party (RP)](#relying-party-rp) authenticates a user without any prior knowledge of who the user is. This means that the RP not only has to verify the identity of the user (checking the password, verifying cryptographic signatures, etc), it also has to establish the identity of the user (figure out the user id, username, etc. of the user who’s signing in). This may happen when a user signs into an existing account for the first time on a newly-purchased device; or when a user logs into a website for the first time in a given browser instance. Or when a user logs into a website in a private browsing session. Or when a user signs into a mobile app for the first time on a given device (contrast this with [reauthentication](#reauthentication) below). @@ -50,6 +58,8 @@ A generic example of an autofill UI for passkeys is shown below: The technical name for this feature in the WebAuthn and Credential Management specifications is "Conditional Mediation". + + @@ -86,6 +96,8 @@ A Discoverable Credential (known in previous version of WebAuthn as a "resident [Passkeys](#passkey) are Discoverable Credentials. + + ## First-Party Passkey Provider 
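Review bot: The new AAGUID entry in the first hunk says RPs can use AAGUID to identify the passkey provider, but it does not say how far that value can be trusted. The AAGUID in authenticator data is only authenticated when the RP requests and verifies an attestation statement, and passkey providers frequently supply none, in which case the value is effectively self-reported and may also be all zeros. I would add a sentence after the last one, for example `Unless the RP verifies attestation, the AAGUID is an unverified hint: use it for display purposes such as labelling a passkey in account settings, not for access-control or policy decisions.`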
@@ -178,12 +190,16 @@ A [Passkey Provider](#passkey-provider) that plugs in to the OS via platform API A test of User Presence (UP) is used to ensure the user is in local proximity to the authenticator during an authentication or credential creation ceremony. UP is often satisfied by pressing a button or metallic area of a security key, or interacting with a platform authenticator on a device. + + ## User Verification (UV) User Verification (UV) requires the user to either perform a biometric gesture, enter the device PIN, or enter the device password for the authenticator to authorize creation and/or use of the credential. + + ## User-Verifying Roaming Authenticator From 4a7ac692e52c72b44f5a84c44ff3e30ba20c6f4d Mon Sep 17 00:00:00 2001 From: Eiji Kitamura Date: Thu, 19 Dec 2024 16:20:07 +0900 Subject: [PATCH 2/2] Removed non-spec links --- content/docs/reference/terms/index.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/content/docs/reference/terms/index.md b/content/docs/reference/terms/index.md index b5043083..8889dbd5 100644 --- a/content/docs/reference/terms/index.md +++ b/content/docs/reference/terms/index.md @@ -26,8 +26,6 @@ This refers to a contract between a user and a [Relying Party (RP)](#relying-par AAGUID is a unique number that identifies the model of the authenticator (not the specific instance of the authenticator). AAGUID can be found as part of a public key credential's authenticator data. RPs can use AAGUID to identify the [passkey provider](#passkey-provider). - - ## Account bootstrapping @@ -58,8 +56,6 @@ A generic example of an autofill UI for passkeys is shown below: The technical name for this feature in the WebAuthn and Credential Management specifications is "Conditional Mediation". - - @@ -96,8 +92,6 @@ A Discoverable Credential (known in previous version of WebAuthn as a "resident [Passkeys](#passkey) are Discoverable Credentials. - - ## First-Party Passkey Provider 
@@ -190,16 +184,12 @@ A [Passkey Provider](#passkey-provider) that plugs in to the OS via platform API A test of User Presence (UP) is used to ensure the user is in local proximity to the authenticator during an authentication or credential creation ceremony. UP is often satisfied by pressing a button or metallic area of a security key, or interacting with a platform authenticator on a device. - - ## User Verification (UV) User Verification (UV) requires the user to either perform a biometric gesture, enter the device PIN, or enter the device password for the authenticator to authorize creation and/or use of the credential. - - ## User-Verifying Roaming Authenticator