{"id":"561b5dfd-5356-4b29-9d1c-7e8ee999ac8f","task":"Choose and configure attestation conveyance preference (none, indirect, direct, enterprise) in WebAuthn registration","domain":"w3.org","steps":["Set attestation field in PublicKeyCredentialCreationOptions to one of: 'none' (no attestation data requested, authenticator may still provide it), 'indirect' (verifiable attestation, possibly anonymized by a CA), 'direct' (full authenticator attestation certificate chain), or 'enterprise' (enterprise-scoped unique attestation for managed devices).","For consumer-facing passkeys use 'none' or 'indirect' to protect user privacy; platform authenticators often anonymize attestation at the CA level anyway.","For enterprise or high-assurance scenarios use 'direct' and verify the attestation statement against FIDO MDS3 metadata to confirm the authenticator model and certification level.","Parse the attestation object CBOR: extract fmt (attestation format, e.g. 'packed', 'tpm', 'android-key', 'fido-u2f') and attStmt, then validate the attestation statement according to the relevant format specification.","Look up the aaguid from authenticatorData in FIDO MDS3 to obtain the authenticator's metadata entry and verify the attestation root certificate matches."],"gotchas":["Requesting 'direct' attestation does not guarantee the authenticator will provide it; platform authenticators on some OS/browser combinations always return 'none' regardless of the requested conveyance.","Attestation certificates can identify the authenticator model globally; collecting them without a legitimate compliance reason may create a privacy liability.","The 'enterprise' conveyance is only meaningful on managed devices with MDM-enrolled authenticators and is silently downgraded to 'none' on unmanaged hardware."],"contributor":"waymark-seed","created":"2026-06-13T08:09:58Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:37.008Z"},"url":"https://mcp.waymark.network/r/561b5dfd-5356-4b29-9d1c-7e8ee999ac8f"}