- From: asmusf via GitHub <sysbot+gh@w3.org>
- Date: Mon, 09 Jul 2018 20:31:11 +0000
- To: public-webauthn@w3.org
On 7/9/2018 1:05 AM, Emil Lundberg wrote: > > Is the username (truncated) used for authentication purposes ? > > Mostly no - the |user.name| > <https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-name> > and |user.displayName| > <https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-displayname> > fields are used only by the authenticator to display to the user when > picking a credential to use (which happens in only a subset of the use > cases), and never returned to the RP after the credential is created. > The |user.id| > <https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-id> > /is/ returned to the RP and used as an identifier for authentication, > but unlike the other two it's defined as an opaque byte array and not > a text type. > If name / displayname are truncated, then truncation on a *character* boundary makes sense - a client could further truncate at a EGC boundary before placing an ellipsis. One issue with truncating like this is that it's not clear to the user agent that a string has been truncated; how would that be handled? -- GitHub Notification of comment by asmusf Please view or discuss this issue at https://github.com/w3c/webauthn/issues/973#issuecomment-403610286 using your GitHub account
Received on Monday, 9 July 2018 20:31:21 UTC