The document describes the WebAuthn registration process between a browser, authenticator, and relying party server. It involves: 1) The browser requesting a challenge from the server. 2) The authenticator generating a new key pair and signing the challenge. 3) The browser returning the signed challenge, new public key, and credential ID to the server. 4) The server verifying the signature to complete registration.

1. WebAuthn Registration

2. Registration
Browser
Registration
1
Relying Party
Javascript
Client
WebAuthn API
Username
Name
Web Server/
Relying Party
Server
Authenticator

3. Server Challenge - Create Public Key
Credentials
Browser
Registration
1
2
Username
Challenge
RP Info
Challenge
Username
Name
Web Server/
Relying Party
Server
Authenticator
WebAuthn API
Relying Party
Javascript
Client

4. Server Challenge Response - Browser to
Authenticator
Browser
Username
Challenge
RP Id & Info
Challenge +
Domain 3
Web Server/
Relying Party
Server
2
Registration
1
Username
Name
Username
Challenge
RP Info
Challenge
Authenticator
WebAuthn API
Relying Party
Javascript
Client

5. Authenticator
Browser
3
4
New Key Pair
Attestation
User
Verification
Challenge +
Domain
Authenticate
& Generate
Key Pair
Web Server/
Relying Party
Server
2
Registration
1
Username
Name
Username
Challenge
RP Info
Challenge
Authenticator
WebAuthn API
Relying Party
Javascript
Client
Username
Challenge
RP Id & Info

6. Response to the Server
Browser
3
5
New Public
Key
Signed
Challenge
Credential Id
Attestation
Authenticate &
Generate Key
Pair
New Key Pair
Attestation
User
Verification
Web Server/
Relying Party
Server
Sign Challenge
2
Registration
1
Username
Name
Username
Challenge
RP Info
Challenge
Authenticator
4
WebAuthn API
Relying Party
Javascript
Client
Challenge +
Domain
Username
Challenge
RP Id & Info

7. Registration Complete!
Browser
Authenticator
23
Web Server/
Relying Party
Server
6
New Public
Key
Signed
Challenge
Credential Id
Attestation
Obj
54
Registration
1
New Public
Key
Signed
Challenge
Credential Id
Attestation
Username
Name
Username
Challenge
RP Info
Challenge
Sign Challenge
Authenticate &
Generate Key
Pair
Challenge
Response
WebAuthn API
Relying Party
Javascript
Client
Challenge +
Domain
New Key Pair
Attestation
User
Verification
Username
Challenge
RP Id & Info

8. Registration Complete!
Browser
Authenticator
23
Web Server/
Relying Party
Server
6
7
Verify Signature
New Public
Key
Signed
Challenge
Credential Id
Attestation
Obj
54
Registration
1
New Public
Key
Signed
Challenge
Credential Id
Attestation
Username
Name
Username
Challenge
RP Info
Challenge
Sign Challenge
Authenticate &
Generate Key
Pair
Challenge
Response
WebAuthn API
Relying Party
Javascript
Client
Username
Challenge
RP Id & Info
Challenge +
Domain
New Key Pair
Attestation
User
Verification