- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Feb 2019 19:06:41 +0000
- To: public-webauthn@w3.org
If resident forbiddin is the third option then setting that would not work with some platform authenticators that always make resident credientials. That will cause RP to always ask for preferd to be the most compatable. If all RP allways ask for preferd external authenticators will fill up with resident connections afer the first x sites. Then only be able to make non resident credentials untill the user uses a credential management UI to delete a credential. I would rather have a default that lets the authenticator decide and report the credential type to the RP. That lets RP who don't care about using browser side credental selection, get something that can work passwordless in a identifier first flow but not create needlessly bad user experiences as a side efect. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1149#issuecomment-461147108 using your GitHub account
Received on Wednesday, 6 February 2019 19:06:42 UTC