java-webauthn-server icon indicating copy to clipboard operation
java-webauthn-server copied to clipboard
verified publisher icon Yubico

BiometricAccuracyDescriptor Does Not Parse Impostor Attack Presentation Accept Rate Values

Open meibenny opened this issue 6 months ago • 1 comments

BiometricAccuracyDescriptor is unable to parse Impostor Attack Presentation Accept Rate (iAPAR) values. It's not defined in the Fido Metadata Statement BiometricAccuracyDescriptor dictionary, but the value appears in some metadata statements found in the metadata blob. I downloaded a new blob file earlier today from https://fidoalliance.org/metadata/ with md5 hash 34421d0cb4dbe98aa11ce833318d511f .

A metadata statement with aaguid 6e8d1eae-8d40-4c25-bcf8-4633959afc71 for Veridium iOS SDK has a key name of iAPARThreshold in its baDesc dictionary. Other examples exist in the file including aaguids:

  • 6ec5cff2-a0f9-4169-945b-f33b563f7b99
  • 5626bed4-e756-430b-a7ff-ca78c8b12738

meibenny avatar Jul 26 '25 00:07 meibenny