Module com.webauthn4j.core

Package com.webauthn4j.data

Class AttestationConveyancePreference

java.lang.Object

com.webauthn4j.data.AttestationConveyancePreference

public class AttestationConveyancePreference
extends Object

WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.

See Also:

• §5.4.6. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)

Field Summary

Fields

Modifier and Type	Field	Description
static final AttestationConveyancePreference	DIRECT	This value indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
static final AttestationConveyancePreference	ENTERPRISE	This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information.
static final AttestationConveyancePreference	INDIRECT	This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements.
static final AttestationConveyancePreference	NONE	This value indicates that the Relying Party is not interested in authenticator attestation.

Method Summary

Modifier and Type	Method	Description
static @NotNull AttestationConveyancePreference	create(@NotNull String value)
boolean	equals(Object o)
@NotNull String	getValue()
int	hashCode()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

NONE

public static final AttestationConveyancePreference NONE

This value indicates that the Relying Party is not interested in authenticator attestation. For example, in order to potentially avoid having to obtain user consent to relay identifying information to the Relying Party, or to save a roundtrip to an Attestation CA.

INDIRECT

public static final AttestationConveyancePreference INDIRECT

This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements. The client MAY replace the authenticator-generated attestation statements with attestation statements generated by an Anonymization CA, in order to protect the user’s privacy, or to assist Relying Parties with attestation verification in a heterogeneous ecosystem.

DIRECT

public static final AttestationConveyancePreference DIRECT

This value indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.

ENTERPRISE

public static final AttestationConveyancePreference ENTERPRISE

This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information. This is intended for controlled deployments within an enterprise where the organization wishes to tie registrations to specific authenticators. User agents MUST NOT provide such an attestation unless the user agent or authenticator configuration permits it for the requested RP ID.

If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that enterprise attestation is requested, and convey the resulting AAGUID and attestation statement, unaltered, to the Relying Party.

Method Details

create

@NotNull
public static @NotNull AttestationConveyancePreference create(@NotNull
 @NotNull String value)

getValue

@NotNull
public @NotNull String getValue()

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object