- From: cjthompson via GitHub <sysbot+gh@w3.org>
- Date: Tue, 26 Jul 2016 23:16:04 +0000
- To: public-webauthn@w3.org
@vijaybh - I read through the sample scenarios a few times. While it doesn't explicitly cover the scenario that you describe, it seems clear that if the authenticator is a portable device of some kind, that would allow for logging in from multiple devices. The Microsoft Account app works this way. I use a username/password to log into my account. A prompt is shown on my phone to accept the login. Once accepted, I am logged in as expected.

I believe my confusion stems from the scenario in which the user's browser is the authenticator. For example, my browser generates the public/private key pair and stores it in a local store (TPM or encrypted or whatever). If the browser generates and stores the key pairs, they lose their portability. Would it be envisioned that some form of cloud storage of private keys could be used to sync private keys to multiple devices, similar to current password managers?

--
GitHub Notification of comment by cjthompson
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/151#issuecomment-235434968 using your GitHub account
Received on Tuesday, 26 July 2016 23:16:13 UTC