IsUndesiredAuthenticatorStatus returns whether the supplied authenticator status is desirable or not.

COSE_Key format, as defined in Section 7 of RFC8152.

DER ITU-X690-2008 encoded ANSI X.9.62 formatted SubjectPublicKeyInfo RFC5480 specifying an elliptic curve public key.

Raw ANSI X9.62 formatted Elliptic Curve public key.

ASN.1 DER [ITU-X690-2008] encoded 2048-bit RSA RFC3447 public key RFC4055.

Raw encoded 2048-bit RSA public key RFC3447.

An EdDSA signature on the curve 25519, which must have raw R and S buffers, encoded in big-endian order.

An EdDSA signature on the curve Ed448, which must have raw R and S buffers, encoded in big-endian order.

DER ITU-X690-2008 encoded OCTET STRING (not BIT STRING!) containing the EMSA-PKCS1-v1_5 signature as defined in RFC3447.

This is the EMSA-PKCS1-v1_5 signature as defined in RFC3447.

RSASSA-PKCS1-v1_5 RFC3447 with SHA1(aka RS1) signature must have raw S buffers, encoded in big-endian order RFC8017 RFC4056.

RSASSA-PKCS1-v1_5 RFC3447 with SHA256(aka RS256) signature must have raw S buffers, encoded in big-endian order RFC8017 RFC4056.

RSASSA-PKCS1-v1_5 RFC3447 with SHA384(aka RS384) signature must have raw S buffers, encoded in big-endian order RFC8017 RFC4056.

RSASSA-PKCS1-v1_5 RFC3447 with SHA512(aka RS512) signature must have raw S buffers, encoded in big-endian order RFC8017 RFC4056.

DER ITU-X690-2008 encoded OCTET STRING (not BIT STRING!) containing the RSASSA-PSS RFC3447 signature RFC4055 RFC4056.

RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian order RFC4055 RFC4056.

RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian order RFC4055 RFC4056.

RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian order RFC4055 RFC4056.

DER ITU-X690-2008 encoded ECDSA signature RFC5480 on the secp256k1 curve.

An ECDSA signature on the secp256k1 curve which must have raw R and S buffers, encoded in big-endian order.

DER ITU-X690-2008 encoded ECDSA signature RFC5480 on the NIST secp256r1 curve.

An ECDSA signature on the NIST secp256r1 curve which must have raw R and S buffers, encoded in big-endian order.

An ECDSA signature on the NIST secp384r1 curve with SHA384(aka: ES384) which must have raw R and S buffers, encoded in big-endian order.

An ECDSA signature on the NIST secp512r1 curve with SHA512(aka: ES512) which must have raw R and S buffers, encoded in big-endian order.

Chinese SM2 elliptic curve based signature algorithm combined with SM3 hash algorithm OSCCA-SM2 OSCCA-SM3.

AnonCA In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.

AttCA - Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll].

AttestationKeyCompromise - Indicates that an attestation key for this authenticator is known to be compromised.

BasicFull - Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g.

BasicSurrogate - Just syntactically a Basic Attestation.

https://mds3.fido.tools/pki/MDS3ROOT.crt.

Ecdaa - Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm].

Example from https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html.

FidoCertified - This authenticator has passed FIDO functional certification.

FidoCertifiedL1 - The authenticator has passed FIDO Authenticator certification at level 1.

FidoCertifiedL1plus - The authenticator has passed FIDO Authenticator certification at level 1+.

FidoCertifiedL2 - The authenticator has passed FIDO Authenticator certification at level 2.

FidoCertifiedL2plus - The authenticator has passed FIDO Authenticator certification at level 2+.

FidoCertifiedL3 - The authenticator has passed FIDO Authenticator certification at level 3.

FidoCertifiedL3plus - The authenticator has passed FIDO Authenticator certification at level 3+.

None - Indicates absence of attestation.

NotFidoCertified - This authenticator is not FIDO certified.

https://secure.globalsign.com/cacert/root-r3.crt.

Production MDS URL.

Revoked - The FIDO Alliance has determined that this authenticator should not be trusted for any reason, for example if it is known to be a fraudulent product or contain a deliberate backdoor.

SelfAssertionSubmitted - The authenticator vendor has completed and submitted the self-certification checklist to the FIDO Alliance.

UpdateAvailable - A software or firmware update is available for the device.

UserKeyPhysicalCompromise - This authenticator has known weaknesses in its key protection mechanism(s) that allow user keys to be extracted by an adversary in physical possession of the device.

UserKeyRemoteCompromise - This authenticator has identified weaknesses that allow registered keys to be compromised and should not be trusted.

UserVerificationBypass - Indicates that malware is able to bypass the user verification.

Conformance indicates if test metadata is currently being used.

Metadata is a map of authenticator AAGUIDs to corresponding metadata statements.

UndesiredAuthenticatorStatus is an array of undesirable authenticator statuses.

The BiometricAccuracyDescriptor describes relevant accuracy/complexity aspects in the case of a biometric user verification method.

https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#biometricstatusreport-dictionary BiometricStatusReport - Contains the current BiometricStatusReport of one of the authenticator's biometric component.

CodeAccuracyDescriptor describes the relevant accuracy/complexity aspects of passcode user verification methods.

The DisplayPNGCharacteristicsDescriptor describes a PNG image characteristics as defined in the PNG [PNG] spec for IHDR (image header) and PLTE (palette table).

EcdaaTrustAnchor - In the case of ECDAA attestation, the ECDAA-Issuer's trust anchor MUST be specified in this field.

ExtensionDescriptor - This descriptor contains an extension supported by the authenticator.

MDSGetEndpointsRequest is the request sent to the conformance metadata getEndpoints endpoint.

MDSGetEndpointsResponse is the response received from a conformance metadata getEndpoints request.

MetadataBLOBPayload - Represents the MetadataBLOBPayload.

MetadataBLOBPayloadEntry - Represents the MetadataBLOBPayloadEntry https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#metadata-blob-payload-entry-dictionary.

MetadataStatement - Authenticator metadata statements are used directly by the FIDO server at a relying party, but the information contained in the authoritative statement is used in several other places.

The PatternAccuracyDescriptor describes relevant accuracy/complexity aspects in the case that a pattern is used as the user verification method.

RogueListEntry - Contains a list of individual authenticators known to be rogue.

StatusReport - Contains the current BiometricStatusReport of one of the authenticator's biometric component.

VerificationMethodDescriptor - A descriptor for a specific base user verification method as implemented by the authenticator.

Version - Represents a generic version with major and minor fields.

AuthenticatorAttestationType - The ATTESTATION constants are 16 bit long integers indicating the specific attestation that authenticator supports.

AuthenticatorStatus - This enumeration describes the status of an authenticator model as identified by its AAID and potentially some additional information (such as a specific attestation key).