Attestation format "apple"

Hi all,

When registering a WebAuthn credential using FaceID, in the fmt field of the returned AuthenticatorAttestationResponse.attestationObject, (as per section 8 (Defined Attestation Statement Formats) of the WebAuthn standards), has a value of "apple".

This is not registered in the IANA database (https://www.iana.org/assignments/webauthn/webauthn.xhtml), nor can I find a spec for this attestation format.

Could anyone direct me to the spec?

Thanks, Q

Up vote post of as207960-q Down vote post of as207960-q
1.4k views
Posted by
as207960-q
Reply
Add a Comment

Accepted Reply

This should help you. https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation

Posted by
mervyn.ong
Up vote reply of mervyn.ong Down vote reply of mervyn.ong
Post marked as solved

  • Brilliant, thanks so much! I was looking at an older version of the standard.

    as207960-q

  • The above link is correct for the official spec. WebKit's blog also has additional guidance about how to adopt Apple Anonymous Attestation: https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/

    garrett-davidson
Add a Comment

Replies

This should help you. https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation

Posted by
mervyn.ong
Up vote reply of mervyn.ong Down vote reply of mervyn.ong
Post marked as solved

  • Brilliant, thanks so much! I was looking at an older version of the standard.

    as207960-q

  • The above link is correct for the official spec. WebKit's blog also has additional guidance about how to adopt Apple Anonymous Attestation: https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/

    garrett-davidson
Add a Comment