Re: [webauthn] attachment is only explicitly used in create()

For what it's worth, **(a)** is not possible in the first-factor use case (no `allowCredentials` given to `credentials.get()`), so we need this if we want to support attachment selection there.

That said, I frankly can't see a use case for why an RP would ever want to allow an attachment mode for registration but not assertion. I don't see in what way that would be better than just sending `allowList: ["platformCredA", "roamingCredB"]` so the client picks the platform credential if it happens to be available. I can see how an RP could reasonably want to disable _registering_, say, wireless authenticators, but I don't see the benefit in the assertion case. I think it would only serve to frustrate the user if the RP can tell them they _can't_ use _that_ authenticator to log in _this time_.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/420#issuecomment-345887125 using your GitHub account

Received on Tuesday, 21 November 2017 01:30:22 UTC