Re: [webauthn] Add notion of forbidding resident credential creation (#1149) from Christiaan Brand via GitHub on 2019-06-12 (public-webauthn@w3.org from June 2019)

From: Christiaan Brand via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Jun 2019 20:09:22 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-501436248-1560370161-sysbot+gh@w3.org>

Forbidden is a requirement here. Else, how am I suppose to make a credential on a security key, if I *never* want the silly key to prompt my user for PIN. We arrived at a point where the folks from MS told me that they'd be okay to not prompt for PIN (even if the "security key does have a PIN set up"), but only if it's not a resident credential. How am I suppose to enforce *NOT CREATING* a resident credential if I don't have this option?

-- 
GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1149#issuecomment-501436248 using your GitHub account

Received on Wednesday, 12 June 2019 20:09:24 UTC