Skip to content

Commit

Permalink
Enforce rejection of be:0,bs:1 during auth
Browse files Browse the repository at this point in the history
  • Loading branch information
MasterKale committed Jun 28, 2023
1 parent 8a04cf7 commit 3e0395f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -5519,6 +5519,8 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
verify that the [=authData/flags/UV=] bit of the <code>[=flags=]</code> in |authData| is set.
Otherwise, ignore the value of the [=authData/flags/UV=] [=flag=].

1. If the [=authData/flags/BE=] bit of the <code>[=flags=]</code> in |authData| is not set, verify that the [=authData/flags/BS=] bit is not set.

1. If the credential [=backup state=] is used as part of [=[RP]=] business logic or policy,
let |currentBe| and |currentBs| be the values of the [=authData/flags/BE=] and [=authData/flags/BS=] bits, respectively,
of the <code>[=flags=]</code> in |authData|.
Expand Down

0 comments on commit 3e0395f

Please sign in to comment.