WebAuthn Authenticator Model


The Web Authentication API (WebAuthN) implies a specific abstract functional model for a WebAuthn Authenticator.

For WebAuthn Authenticators, this model defines the logical operations that they MUST support and the data formats that they expose to the WebAuthn Client and the WebAuthn Relying Party. However, it does not define the details of how authenticators communicate with the Client Device, unless those details are necessary for interoperability with WebAuthn Relying Parties. For instance, this abstract model does not define

The WebAuthn Authenticator Model does define error behavior in terms of the needs of the WebAuthn Client. Specific error codes are therefore mentioned to show which error conditions MUST be distinguishable (or not) from each other in order to enable a compliant and secure client implementation.

WebAuthn Authenticator Model, FIDO-CTAP and CTAP2

FIDO-CTAP is an example of a concrete implementation of this model, but it is one in which the data it returns differs from the data expected by the Web Authentication API's algorithms.

CTAP2 response messages are Concise Binary Object Representation (CBOR) maps constructed using integer keys rather than the string keys defined in this specification for the same objects. The client is expected to perform any needed transformations on such data. The FIDO-CTAP specification details the mapping between CTAP2 integer keys and WebAuthN string keys.
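As an added illustration (not code from the specification or from any project), the following Python example re-keys a CTAP2 authenticatorMakeCredential response map, whose integer keys 1, 2 and 3 stand for fmt, authData and attStmt in the FIDO-CTAP mapping, into an attestation object with string keys, copying each value's bytes unchanged. The function names and the sample bytes are constructed for this example, and the input is assumed to be the CBOR map with the CTAP status byte already removed.

```python
# CTAP2 authenticatorMakeCredential response key -> WebAuthn attestation object key
KEYS = {1: "fmt", 2: "authData", 3: "attStmt"}

def _head(buf, pos):
    """Read one CBOR head at pos; return (major type, argument, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, arg, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if arg >= 28:
        raise ValueError("indefinite/reserved lengths are not accepted here")
    if arg >= 24:                              # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (arg - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return major, arg, pos

def _skip(buf, pos):
    """Return the position just past the complete data item starting at pos."""
    major, arg, pos = _head(buf, pos)
    if major in (2, 3):                        # byte/text string: skip the payload
        pos += arg
    elif major in (4, 5, 6):                   # array, map, tag: skip nested items
        for _ in range(arg * 2 if major == 5 else arg if major == 4 else 1):
            pos = _skip(buf, pos)
    if pos > len(buf):
        raise ValueError("truncated CBOR")
    return pos

def to_attestation_object(resp):
    """Re-key a CTAP2 integer-keyed response map with WebAuthn string keys."""
    major, count, pos = _head(resp, 0)
    if major != 5:
        raise ValueError("CTAP2 response is not a CBOR map")
    values = {}
    for _ in range(count):
        kmajor, key, pos = _head(resp, pos)
        if kmajor != 0 or key in values:
            raise ValueError("non-integer or duplicate key")
        end = _skip(resp, pos)
        values[key], pos = resp[pos:end], end  # value bytes copied verbatim
    if pos != len(resp) or not set(KEYS) <= set(values):
        raise ValueError("trailing data or missing fmt/authData/attStmt")
    out = b"\xa3"                              # CBOR map with 3 pairs
    for k in (1, 3, 2):                        # emit fmt, attStmt, authData
        name = KEYS[k].encode()
        out += bytes([0x60 | len(name)]) + name + values[k]
    return out

# Constructed sample: {1: "packed", 2: <37 zero bytes>, 3: {"alg": -7, "sig": h'aabb'}}
SAMPLE = bytes.fromhex("a301667061636b6564025825" + "00" * 37 + "03a263616c67266373696742aabb")
```

Response keys other than 1, 2 and 3 are not copied into the output, which is a choice of this example. Truncated input, trailing bytes, duplicate keys and missing fields are rejected rather than passed on to the Relying Party.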
