[webauthn] Scoped credentials represent a relationship between user and RP

From: levangongPayPal via GitHub <sysbot+gh@w3.org>
Date: Tue, 10 May 2016 09:21:59 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-153960829-1462872118-sysbot+gh@w3.org>
levangongPayPal has just created a new issue for 
https://github.com/w3c/webauthn:

== Scoped credentials represent a relationship between user and RP ==
In the intro of section 3, it reads: "The basic idea is that the 
credentials belong to the user and are managed by the browser and 
underlying platform".
I actually question the concept that the credentials solely belong to 
the user. These credentials represent the relationship between the 
relying party and the user and, as such, are co-owned by both parties.

This is important because it supports the fact that we're missing the 
functionality of a relying party being able to delete the credentials.
Both parties should be able to "sever the relationship", i.e. delete 
the credentials. This may or may not be done in a manner that demands 
user confirmation; it still should be available.

Relates to issue #26 and issue #18.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/87 using your GitHub account
Received on Tuesday, 10 May 2016 09:22:01 UTC
