webauthn: add a flag and switch for allowing enterprise attestation

The existing SecurityKeyPermitAttestation enterprise policy allows
enterprises to request an individually identifying ("enterprise")
attestation statement when registering a WebAuthn credential on a
security key that supports this type of attestation. But in some cases,
users may want to enroll security keys with an enterprise RP on an
unmanaged device (for example if a key is registered during initial
onboarding and before enterprise policies are applied to the device; or
for users that exclusively use a non-managed device).

This change therefore adds a switch and associated UI flag that lets a
user permit individual attestation on a per-origin basis. The switch
takes a list of origins, rather than a list of (domain-shaped) RP IDs,
because "list of origins" is a well-established concept for flags but
"list of domains" isn't.

Bug: 1297751
Change-Id: Ic5fc2786f8506eb27f4c9e418512f1689b134215
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3533366
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: Elly Fong-Jones <[email protected]>
Commit-Queue: Martin Kreichgauer <[email protected]>
Auto-Submit: Martin Kreichgauer <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#986542}
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
index 936dc59..55b18af3 100644
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -3699,6 +3699,13 @@
 const char kNtpDriveModuleDescription[] =
     "Shows the Google Drive module on the New Tab Page";
 
+const char kWebAuthenticationPermitEnterpriseAttestationName[] =
+    "Web Authentication Enterprise Attestation";
+const char kWebAuthenticationPermitEnterpriseAttestationDescription[] =
+    "Permit a set of origins to request a uniquely identifying enterprise "
+    "attestation statement from a security key when creating a Web "
+    "Authentication credential.";
+
 #if !defined(OFFICIAL_BUILD)
 const char kNtpDummyModulesName[] = "NTP Dummy Modules";
 const char kNtpDummyModulesDescription[] =
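Review bot: The text in kWebAuthenticationPermitEnterpriseAttestationDescription does not say what form the entries must take. The commit message notes that the switch takes origins rather than domain-shaped RP IDs, and a user enrolling a key against an enterprise RP is likely to know the RP ID and type a bare domain. Consider extending the description to state that each entry is a full origin and not an RP ID, so that a mistyped value does not silently leave attestation unpermitted. Since the statement is described as "uniquely identifying", it may also help to state that only the listed origins receive it, so the user understands the scope of what they are enabling.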