- From: levangongPayPal via GitHub <sysbot+gh@w3.org>
- Date: Tue, 10 May 2016 09:21:59 +0000
- To: public-webauthn@w3.org
levangongPayPal has just labeled an issue for https://github.com/w3c/webauthn as "spec:web-api": == Scoped credentials represent a relationship between user and RP == In the intro of section 3, it reads: "The basic idea is that the credentials belong to the user and are managed by the browser and underlying platform". I actually question the concept that the credentials solely belong to the user. These credentials represent the relationship between the relying party and the user and, as such, are co-owned by both parties. This is important because it supports the fact that we're missing the functionality of a relying party being able to delete the credentials. Both parties should be able to "sever the relationship”, i.e. delete the credentials. This may or may not be done in a manner that demands user confirmation, it still should be available. Relates to issue #26 and issue #18. See https://github.com/w3c/webauthn/issues/87
Received on Tuesday, 10 May 2016 09:22:01 UTC