- From: Max Hata via GitHub <sysbot+gh@w3.org>
- Date: Thu, 05 Sep 2019 04:31:36 +0000
- To: public-webauthn@w3.org
> In this case the {{PublicKeyCredentialRequestOptions/allowCredentials}} argument risks leaking [PII],
> if the user can initiate an [=authentication ceremony=] by only providing a username.
"by only providing a username" may sound like it excludes the case where
a username is derived from "ambient credentials" such as cookies.
To eliminate this concern, how about removing "providing" or something else?
--
GitHub Notification of comment by maxhata
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1250#issuecomment-528192275 using your GitHub account
Received on Thursday, 5 September 2019 04:31:37 UTC