First, thanks for your work, it's useful & clean!
Is your feature request related to a problem? Please describe.
I have to check authenticator metadata during the attestation ceremony (ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT).
I used your library in version 3.2 "symfony style", as shown in your demo.
The UpdateMetadataStatementRepositoryCommand does work, but as already stated by you & others, the FIDO MDS is not quite complete, thus breaking attestation ceremonies with the 2 most widespread authenticators: "Windows 10 Hello" and "Android".
Describe the solution you'd like
A git repository for reference of authenticator's constructor's MDS?
In addition to the FIDO MDS you've referenced here in your demo app.
Describe alternatives you've considered
For Windows Hello, Microsoft manually references the possible AAGUIDs in the Microsoft Edge documentation (last point of "Special considerations for Windows Hello").
One could try to make MetadataStatementRepository instantiate a MetadataStatement based on one of these AAGUIDs, but we are missing a certificate to match the authenticator's response, check its certificate chain against the metadata, and let the ceremony complete properly.
For Android, I was not able to find documentation on where to get their MetadataStatements.
Thank you in advance for any info/tips you have about that!
Additional context