Re: API consumer question: How do we recover Credential? from J.C. Jones on 2016-07-17 (public-webauthn@w3.org from July 2016)

From: J.C. Jones <jc@mozilla.com>
Date: Sun, 17 Jul 2016 05:40:27 -0700
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <CAObDDPAKSfMUMfrAs0xQk=K8R81ASLtA3NubH5K=oF5jy6a2Fg@mail.gmail.com>

Rolling it into #60 makes sense to me.

On Fri, Jul 15, 2016 at 11:18 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
wrote:

> So couldn’t an RP tell this from the attestations? It would know which of
> its credentials will or will not work without the optional argument, and
> could do the UI accordingly.
>
>
There's nothing to my knowledge in the attestation certificate to identify
how an authenticator functions; it would be up to the RP to define
something using out-of-band knowledge, wouldn't it?

Or you could define a heuristic that says, if a Credential's *id* field is
very long, then it's probably an authenticator which doesn't remember keys.

That's all that occurs to me, anyway!

J.C.

Received on Sunday, 17 July 2016 12:41:15 UTC