Re: API consumer question: How do we recover Credential?

On 7/17/16, 5:52 PM, "Vijay Bharadwaj" <vijaybh@microsoft.com> wrote:
>Could use the AAGUID in conjunction with metadata service.

yes, see.. 

<https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-authnr-metadata-v1.0-ps-20141208.html#metadata-keys>

..specifically the isSecondFactorOnly boolean.


> Or we could add a flag to be returned by authenticator at makeCredential
>time.

this notion intersects with the discussion in the "use cases" thread..

https://lists.w3.org/Archives/Public/public-webauthn/2016Jun/0086.html

..the difference being the latter discussion is regarding the webauthn RP
expressing a preference for authnr feature(s), and the former is the
authnr itself attesting to its feature(s).  in any case, we could use the
same mechanism (eg bit flags) to express this in both cases.

HtH,

=JeffH




> 
>From: J.C. Jones [mailto:jc@mozilla.com]
>
>Sent: Sunday, July 17, 2016 5:40 AM
>To: Vijay Bharadwaj <vijaybh@microsoft.com>
>Cc: W3C WebAuthn WG <public-webauthn@w3.org>
>Subject: Re: API consumer question: How do we recover Credential?
> 
>Rolling it into #60 makes sense to me.
> 
>On Fri, Jul 15, 2016 at 11:18 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
>wrote:
>
>So couldn't an RP tell this from the attestations? It would know which of
>its credentials will or will not work without
> the optional argument, and could do the UI accordingly.
>
>There's nothing to my knowledge in the attestation certificate to
>identify how an authenticator functions; it would be up to the RP to
>define something using out-of-band knowledge, wouldn't it?
>
>Or you could define a heuristic that says, if a Credential's
>id field is very long, then it's probably an authenticator which doesn't
>remember keys.
>
>That's all that occurs to me, anyway!
>
>J.C.
>

Received on Monday, 18 July 2016 07:11:11 UTC