Fido 2
The TIDMA_FIDO2 table holds the specific attributes of FIDO2 credentials.
The table is an extension of the TIDMA_CREDENTIAL
base table in All credentials, which lists attributes that are valid for all credentials.
Database table TIDMA_FIDO2
DB attribute | Java data type(max. size), defaults | Description |
---|---|---|
credential_id | Long, not NULL | Primary key (uniquely identifies each individual credential). Foreign key that links to information in the table TIDMA_CREDENTIAL. |
aaguid | String(128), not NULL | A 128-bit identifier indicating the type (e.g. make and model) of the authenticator |
attestation_preference | Enum: AttestationConveyancePreference { DIRECT, INDIRECT, NONE, ENTERPRISE } | The server’s preference on how it would like to verify the attestations of the authenticators. |
authenticator_attachment | Enum: AuthenticatorAttachment { PLATFORM, CROSSPLATFORM } | Defines how the authenticator is accessed by the WebAuthn client, i.e. where the authenticator is at. |
authenticator | String(65535), not NULL | CBOR serialized authenticator object |
fido2_credential_id | String(255), not NULL | The hashed and encoded FIDO2 credential ID of the credential. |
relying_party_id | String(255), not NULL | relyingPartyId |
resident_key_requirement | Enum: ResidentKey { REQUIRED, DISCOURAGED } | Whether the server is willing to accept residental keys (i.e. whether storing the webauthn private key encrypted on the server side is okay or not) |
user_agent | String(255), not NULL | User agent used by the AuthCloud team, no FIDO2 relation |
user_friendly_name | String(1000), not NULL | Human readable name for the credential |
user_verification_requirement | Enum: UserVerification { REQUIRED, PREFERRED, DISCOURAGED } | The technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations (i.e. grants access for the user to proceed with the WebAuthn flows). |