Enum Class AttestationType
- All Implemented Interfaces: Serializable, Comparable<AttestationType>, Constable
-
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>
-
Enum Constant Summary
Enum Constant: Description
- ANONYMIZATION_CA: In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
- ATTESTATION_CA: In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK).
- BASIC: In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model.
- NONE: In this case, no attestation information is available.
- SELF_ATTESTATION: In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key.
- UNKNOWN: In this case, attestation information is present but was not understood by the library.
-
Method Summary
Modifier and Type, Method: Description
- static AttestationType valueOf(String name): Returns the enum constant of this class with the specified name.
- static AttestationType[] values(): Returns an array containing the constants of this enum class, in the order they are declared.
-
Enum Constant Details
-
BASIC
In the case of basic attestation, the authenticator’s attestation key pair is specific to an authenticator model. Thus, authenticators of the same model often share the same attestation key pair. See §14.4 Attestation Privacy for further information.
-
SELF_ATTESTATION
In the case of self attestation, also known as surrogate basic attestation, the authenticator does not have any specific attestation key. Instead it uses the credential private key to create the attestation signature. Authenticators without meaningful protection measures for an attestation private key typically use this attestation type.
-
ATTESTATION_CA
In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA (formerly known as a "Privacy CA"). The authenticator can generate multiple attestation identity key pairs (AIK) and requests an Attestation CA to issue an AIK certificate for each. Using this approach, such an authenticator can limit the exposure of the EK (which is a global correlation handle) to Attestation CA(s). AIKs can be requested for each authenticator-generated public key credential individually, and conveyed to Relying Parties as attestation certificates.
Note: This concept typically leads to multiple attestation certificates. The attestation certificate requested most recently is called "active".
Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
-
ANONYMIZATION_CA
In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.
Note: Attestation statements conveying attestations of type AttCA or AnonCA use the same data structure as those of type Basic, so the three attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
Note: Attestation statements conveying attestations of this type use the same data structure as attestation statements conveying attestations of type BASIC, so the two attestation types are, in general, distinguishable only with externally provided knowledge regarding the contents of the attestation certificates conveyed in the attestation statement.
-
NONE
In this case, no attestation information is available. See also §8.7 None Attestation Statement Format.
-
UNKNOWN
In this case, attestation information is present but was not understood by the library. For example, the attestation statement might be using a new attestation statement format not yet supported by the library.
-
-
Method Details
-
values
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns: an array containing the constants of this enum class, in the order they are declared
-
valueOf
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters:
name - the name of the enum constant to be returned.
- Returns:
the enum constant with the specified name
- Throws:
IllegalArgumentException - if this enum class has no constant with the specified name
NullPointerException - if the argument is null
-
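The following is an added example, not code from this library: a sketch of how a Relying Party might turn these constants into a registration decision and parse stored constant names without tripping over the exceptions valueOf throws. The enum is a local copy of the constant names listed above; decide, parseStored, chainTrusted and requireProvenance are hypothetical names, and the policy itself is an assumption.

```java
import java.util.Optional;

public class AttestationPolicyExample {
    // Local copy of the constant names documented on this page, so the example compiles alone.
    enum AttestationType { BASIC, SELF_ATTESTATION, ATTESTATION_CA, ANONYMIZATION_CA, NONE, UNKNOWN }

    enum Decision { ACCEPT, REJECT }

    // Hypothetical policy inputs: chainTrusted = the attestation certificate path validated to a
    // root the RP trusts; requireProvenance = the RP only registers verifiable authenticator models.
    static Decision decide(AttestationType type, boolean chainTrusted, boolean requireProvenance) {
        if (!requireProvenance) {
            return Decision.ACCEPT; // attestation is informational only under this policy
        }
        switch (type) {
            case BASIC:
            case ATTESTATION_CA:
            case ANONYMIZATION_CA:
                // These share one statement structure; the validated chain carries the trust.
                return chainTrusted ? Decision.ACCEPT : Decision.REJECT;
            case SELF_ATTESTATION: // signed with the credential private key: no model provenance
            case NONE:             // no attestation information available
            case UNKNOWN:          // present but not understood: fail closed
            default:
                return Decision.REJECT;
        }
    }

    // valueOf needs an exact constant name: it throws IllegalArgumentException for anything
    // else and NullPointerException for null, so persisted names are parsed defensively.
    static Optional<AttestationType> parseStored(String name) {
        try {
            return Optional.of(AttestationType.valueOf(name));
        } catch (IllegalArgumentException | NullPointerException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, as they might be read back from a credential store.
        String[] stored = {"ATTESTATION_CA", "SELF_ATTESTATION", "UNKNOWN", "basic", " BASIC", null};
        for (String name : stored) {
            Decision d = parseStored(name)
                    .map(t -> decide(t, true, true))
                    .orElse(Decision.REJECT); // unparseable names are rejected, not guessed
            System.out.println(name + " -> " + d);
        }
    }
}
```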