Re: [webauthn] Contradiction in whether user handle is required from Emil Lundberg via GitHub on 2017-12-12 (public-webauthn@w3.org from December 2017)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Dec 2017 17:02:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-351116398-1513098174-sysbot+gh@w3.org>

The RP is required to provide the user handle when creating a new credential: https://github.com/w3c/webauthn/pull/558#issuecomment-331535523 So I do think it makes sense to drop "optional" here. U2F devices will ignore it, and as that comment points out they won't be expected to return it since they're always used in 2nd factor mode.

However, I think that also means we need to change [authenticatorGetAssertion step 13][aga] and up the stack to include this behaviour.

[aga]: https://w3c.github.io/webauthn/#authenticatorGetAssertion-return-values

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/720#issuecomment-351116398 using your GitHub account

Received on Tuesday, 12 December 2017 17:04:48 UTC