The register web service is the second step to register new FIDO credentials for users, and follows a preregister web service request if they are successfully completed by the application and Authenticator. The parameters of this web service carry:
- The public key of the new credential generated by the FIDO authenticator
- A digital signature applied on the challenge and other data by the authenticator
- An attestation from the authenticator providing information to SKFS that allows it to determine its conformance to defined policy
The web service requires the following parameters supplied as JSON objects (shown in the Request example in this section):
|
Parameter |
Explanation |
|---|---|
|
svcinfo |
This parameter carries a JSON object with service credential information (svcinfo) that authenticates and authorizes the web service request sent by the application to SKFS. |
|
payload |
This parameter—also a JSON object—carries the response from the authenticator and the browser/app, necessary for SKFS to fulfill the operation. |
When the Tellaro receives the request, it verifies the credentials presented against its internal directory server, and determines their authorization to request the register service by verifying if they are a member of the FidoAuthorized groups.