EnterpriseAttestation Class
Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dllAn enumeration denoting the FIDO2 PIN/UV enterprise attestation
public sealed class EnterpriseAttestation : Enum
Remarks
The FIDO2 standard specifies that
An enterprise is some form of organization, often a business entity. An enterprise context is in effect when a device, e.g., a computer, an authenticator, etc., is controlled by an enterprise.
An enterprise attestation is an attestation that may include uniquely identifying information. This is intended for controlled deployments within an enterprise where the organization wishes to tie registrations to specific authenticators.
The expectation is that enterprises will work directly with their authenticator vendor(s) in order to source their enterprise attestation capable authenticators.
When requesting a credential, it is possible to request one of the two enterprise attestations as well: Vendor and Platform. Use this enum to specify which attestation you want.
If the YubiKey does not support enterprise attestation, requesting it
will generate an error return. To know if enterprise attestation is
supported, get the device info
(AuthenticatorInfo) and check the
Options
property of AuthenticatorInfo). If the
option "ep"
is listed and is true
, then enterprise
attestation is supported.
The standard also specifies that an authenticator that supports only vendor-facilitated enterprise attestation can, when given a request for platform-managed enterprise attestation, return the vendor attestation.
Fields
Name | Description |
---|---|
None | No enterprise attestation is requested or used. |
PlatformManaged | Identifier for Platform-Managed Enterprise Attestation. |
value__ | |
VendorFacilitated | Identifier for Vendor-Facilitated Enterprise Attestation. |