If aaguids is set, then attestation formats must be truncated to include only packed and tpm.
Aaguids are unique Authenticator model identifiers defined by the Authenticator’s manufacturer. A manufacturer creates an aaguid for each model of Authenticator it produces so that the Authenticator’s unique properties can be easily confirmed. By default SKFS accepts all aaguids. This option restricts the Authenticator models SKFS will accept to those whose aaguids are specified.

Restricting the accepted Authenticator models adds a layer of standardization and security. If a company distributes only one model of Authenticator to all its employees to sign in to an internal website, it can restrict SKFS to allow only that Authenticator’s aaguid. Then if any non-employee tries registering without a valid Authenticator, they will be automatically rejected and that irregularity will be logged in SKFS.

Currently only two attestation formats pass the aaguid during the registration process: packed and tpm. This is why, if aaguids are specified, attestation formats should contain only the packed and tpm formats.
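The rule above as an added sketch, not SKFS code: it flags attestation formats that conflict with a set aaguids list, then checks the aaguid found in a registration's authenticator data against that list. The policy key name `attestation_formats`, the function names, and the sample aaguids and authenticator data are assumptions constructed for illustration; the byte layout is the one WebAuthn defines for authenticator data.

```python
import struct
import uuid

AAGUID_FORMATS = {"packed", "tpm"}  # formats the page says pass the aaguid

def check_policy(policy):
    """List formats that conflict with a set aaguids list (key names assumed)."""
    if not policy.get("aaguids"):
        return []  # default: every aaguid accepted, formats unrestricted
    extra = sorted(set(policy.get("attestation_formats", [])) - AAGUID_FORMATS)
    return [f"format '{f}' not allowed when aaguids is set" for f in extra]

def extract_aaguid(auth_data):
    """WebAuthn authenticator data layout:
    rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | ..."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    if not auth_data[32] & 0x40:  # AT flag: attested credential data present
        raise ValueError("no attested credential data")
    if len(auth_data) < 55:
        raise ValueError("attested credential data truncated")
    return uuid.UUID(bytes=auth_data[37:53])

def aaguid_check_passes(policy, fmt, auth_data):
    """Model of the aaguid restriction only; other policy checks are out of scope."""
    allowed = {uuid.UUID(a) for a in policy.get("aaguids", [])}
    if not allowed:
        return True
    if fmt not in AAGUID_FORMATS:
        return False  # per the page, only packed and tpm pass the aaguid
    try:
        return extract_aaguid(auth_data) in allowed
    except ValueError:
        return False  # malformed data is rejected, never waved through

def sample_auth_data(aaguid):
    """Constructed registration authData (credential public key omitted)."""
    cred_id = b"\x01" * 16
    return (b"\x00" * 32 + bytes([0x41]) + struct.pack(">I", 0)
            + uuid.UUID(aaguid).bytes + struct.pack(">H", len(cred_id)) + cred_id)

# Constructed placeholder values, not real authenticator models.
ISSUED = "00000000-0000-4000-8000-000000000001"
OTHER = "00000000-0000-4000-8000-000000000002"
POLICY = {"aaguids": [ISSUED], "attestation_formats": ["packed", "tpm"]}

if __name__ == "__main__":
    print(check_policy({**POLICY, "attestation_formats": ["packed", "fido-u2f"]}))
    print(aaguid_check_passes(POLICY, "packed", sample_auth_data(ISSUED)))
    print(aaguid_check_passes(POLICY, "packed", sample_auth_data(OTHER)))
```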
Allowed Values: