You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: refine passkey ACR/AMR tables with original remarks and layout fixes
Restore original remarks content including login_hint JSON examples for
mid_al2_any, mid_al4_any, and mid_al4_passkey rows. Remove AL and
Phishing-Resistant columns, optimize icon column widths, fix double
horizontal scrollbar issue by overriding VitePress table defaults.
<td>Passkey-preferred if <code>passkeys_enabled:true</code>. Fallback to SIM/App/SMS if passkey auth fails.</td>
261
+
<td><strong>Passkey-preferred</strong>, if <code>passkeys_enabled:true</code> for the client account.<br><strong>User can select a fallback method</strong> if Passkey Auth fails.<br>Use this AL if UX is more important than security.<br><br>Optional <code>login_hint</code> to provide MSISDN:<br><codeclass="code-inline">{"enableManualInput": false, "hints": [{"msisdn":"+41765XXXXXX"}]}</code></td>
262
262
</tr>
263
263
<tr>
264
264
<tdclass="col-acr"><code>mid_al3_any</code></td>
@@ -313,7 +313,7 @@ The following table shows how passkeys fit into the MobileID Authentication Leve
<td>Passkey-preferred if <code>passkeys_enabled:true</code>. Fallback to SIM/App. RP must provide <code>sn</code> and <code>keyringId</code> in <code>login_hint</code>.</td>
316
+
<td><strong>Passkey-preferred</strong>, if <code>passkeys_enabled:true</code> for the client account.<br>User can select a fallback method if Passkey Auth fails.<br>Use this AL if security is important and phishing risk is acceptable.<br><br>RP must provide <strong>SN</strong> and <strong>KeyRingId</strong> (if Passkey is enabled) in <code>login_hint</code>:<br><codeclass="code-inline">{"enableManualInput": false, "hints": [{"msisdn":"+41765XXXXXX", "sn":"+574XXXXXX", "keyringId":"MIDPKXXXXXXXXXX"}]}</code></td>
<td><strong>Passkey-only</strong> & phishing-resistant. RP must provide <code>keyringId</code> in <code>login_hint</code>. NIST AAL3 if FIPS 140-2 certified authenticator.</td>
360
+
<td><strong>Passkey-only</strong> &<strong>phishing-resistant</strong>.<br>Use this AL if security and phishing-resistance is important, with a trade-off that only Passkeys can be used.<br><br><strong>Optionally</strong>, this scenario may be used to comply with <strong>NIST AAL3</strong>, which requires the user to have a FIPS 140-2 certified authenticator (passkey) registered.<br><br>RP must provide <strong>KeyRingId</strong> in <code>login_hint</code>:<br><codeclass="code-inline">{"hints": [{"msisdn":"+41765XXXXXX", "keyringId":"MIDPKXXXXXXXXXX"}]}</code></td>
361
361
</tr>
362
362
</tbody>
363
363
</table>
@@ -539,7 +539,10 @@ Start with `mid_al2_any` (passkey-preferred with fallback) for the smoothest use
539
539
540
540
.acr-table,
541
541
.amr-table {
542
+
display: table;
543
+
overflow: visible;
542
544
width: auto;
545
+
min-width: 1200px;
543
546
border-collapse: collapse;
544
547
font-size: 0.9em;
545
548
margin-bottom: 20px;
@@ -578,16 +581,33 @@ Start with `mid_al2_any` (passkey-preferred with fallback) for the smoothest use
0 commit comments