From a71faec9c0eafac416d3706b3475608b54e9ebe7 Mon Sep 17 00:00:00 2001 From: Tim Cappalli Date: Wed, 27 Mar 2024 15:27:32 +0000 Subject: [PATCH] add timeSinceUv extension --- index.bs | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/index.bs b/index.bs index cb7037169..88b21d05a 100644 --- a/index.bs +++ b/index.bs 
@@ -7611,6 +7611,59 @@ To Create a new supplemental public key record, perform t In [step 22](#authn-ceremony-update-credential-record) of [[#sctn-verifying-assertion]], [=set/append=] this [=supplemental public key record=] to |credentialRecord|.[$credential record/supplementalPubKeys$]. +### Time Since User Verification Extension (timeSinceUv) ### {#sctn-time-since-uv-extension} + +This extension enables an authenticator to disclose the time since the last user verification was peformed. + +: Extension identifier +:: `timeSinceUv` + +: Operation applicability +:: [=registration extension|Registration=] and [=authentication extension|Authentication=] when {{AuthenticatorSelectionCriteria/userVerification}} is set to {{UserVerificationRequirement/preferred}}. + +: Client extension input +:: The Boolean value [TRUE] to indicate that this extension is requested by the [=[RP]=]. + + partial dictionary AuthenticationExtensionsClientInputs { + boolean timeSinceUv; + }; + + +: Client extension processing +:: None, except creating the authenticator extension input from the client extension input. + +: Client extension output +:: + partial dictionary AuthenticationExtensionsClientOutputs { + AuthenticationExtensionsTimeSinceUvOutputs timeSinceUv; + }; + + dictionary AuthenticationExtensionsTimeSinceUvOutputs { + unsigned long timeSinceUv; + }; + + +: Authenticator extension input +:: The Boolean value [TRUE], encoded in CBOR (major type 7, value 21). + + ``` + $$extensionInput //= ( + timeSinceUv: true, + ) + ``` + +: Authenticator extension processing +:: The [=authenticator=] sets the [=authenticator extension output=] to be the time in milliseconds since [=user verification=] was performed. + This extension can be added to attestation objects and assertions. + +: Authenticator extension output +:: Authenticators can report a single value which MUST be between 1000 (1 second) and 86400000 (1 day), and MUST be rounded up to the next power of two. 
+ + ``` + $$extensionOutput //= ( + timeSinceUv: timeSinceUvValue, + ) + ``` # User Agent Automation # {#sctn-automation}
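Review bot: The two MUSTs in the "Authenticator extension output" item cannot both hold at the edges of the range. Neither 1000 nor 86400000 is a power of two: the smallest power of two at or above 1000 is 1024, and any elapsed time above 67108864 ms (2^26, about 18.6 hours) rounds up to 134217728, which is outside the stated maximum. Suggest either expressing the bounds as powers of two or stating the order of operations (round up, then clamp, and to what value). The item should also say what the authenticator reports when user verification happened less than one second ago, more than one day ago, or not at all. "Authenticator extension processing" says the output is "the time in milliseconds since [=user verification=] was performed" with no mention of rounding, so the two items should be aligned, or the processing item should point to the output rule. In the CDDL for `$$extensionOutput`, `timeSinceUvValue` is used but never defined; a rule such as `timeSinceUvValue = uint` is needed. "Client extension processing" only covers building the authenticator input, so nothing says how `AuthenticationExtensionsTimeSinceUvOutputs` gets populated from the authenticator output. "Operation applicability" names only {{UserVerificationRequirement/preferred}}; please state the behaviour for the other {{UserVerificationRequirement}} values. Typo in the introductory sentence: "peformed" should be "performed".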