Re: [webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty from Ki-Eun Shin via GitHub on 2017-12-12 (public-webauthn@w3.org from December 2017)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Dec 2017 16:14:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-351100623-1513095293-sysbot+gh@w3.org>

I think it would be better to add more description regarding this at step 1 of §7.2 Verifying an authentication assertion. We need to provide detailed procedures for the RP server to look up credential public key with credential id and user handle. 
We need to mention the fact that the RP server should look up credential public keys with user id before sending an challenge and then select one from the keys after getting an assertion with credential Id in case of 2nd factor use cases.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/715#issuecomment-351100623 using your GitHub account

Received on Tuesday, 12 December 2017 16:15:30 UTC