- From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
- Date: Wed, 01 Mar 2017 19:04:47 +0000
- To: public-webauthn@w3.org
I don't think that authenticator typically would want to implement both options. I one authenticator can store the key material locally, then there is no need and no benefit (IMHO) to store the key wrapped at the RP. So rather than introducing yet another concept of dynamically controlling the authenticator behavior, we should assume a static key storage location, i.e. one AAGUID will always store keys in the same way (either locally or remotely in wrapped form). If we do so, the already have the ability for the RP to select authenticator based on AAGUIDs - and hence no need to further complicate the API. -- GitHub Notification of comment by rlin1 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/367#issuecomment-283436678 using your GitHub account
Received on Wednesday, 1 March 2017 19:04:55 UTC