- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 03 Oct 2017 00:12:32 +0000
- To: public-webauthn@w3.org
@balfanz wrote: > User goes to paypal.com on their laptop, and types their username ... yes (if that is a system whose local storage was cleared or is a system the user has not used before) and then the RP's client-side webapp ought to be able to determine there's a roaming (aka external) authnr in range/connected and give it a try over CTAP2. The existing FIDO (UAF) credential is employed and the user signed-in on the browser on laptop. In the future they can just use their roaming-phone-external authnr with whatever CTAP2-enabled device without necessarily entering their username (modulo RP webapp sophistication). That said, more generally, i think it would be a mistake to remove the `type` attribute (aka "assertion type" as @rlin1 proposes) in [`PublicKeyCredentialDescriptor`](https://github.com/w3c/webauthn/blob/14c2733ca6a4a9568e4c48fef1b870448818e811/index.bs#L1406) and in [`PublicKeyCredentialParameters`](https://github.com/w3c/webauthn/blob/14c2733ca6a4a9568e4c48fef1b870448818e811/index.bs#L1080) as it is an extension point. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/554#issuecomment-333701010 using your GitHub account
Received on Tuesday, 3 October 2017 00:12:23 UTC