[webauthn] remove id requirement in ScopedCredentialDescriptor

AngeloKai has just created a new issue for 

== remove id requirement in ScopedCredentialDescriptor ==
Although our current spec only has one credential type: “ScopedCred”, 
we may add more types to the spec in the future. In case more types 
were added in the future and developer hasn’t done works to adopt 
their server to accept newer types, they would want to only accept 
credentials of a certain type. However, our current design doesn’t 
provide a way for them to just search by type. Developer has to 
provide both credential type and credential id in allowList and 
excludeList to specify what credentials they find acceptable. To 
provide more flexibility to the developer to search, I propose we 
remove the “required” keyword from the id parameter in 
ScopedCredentialDescriptor and revise the language in the spec about 
allowList and excludeList being lists of acceptable credentials. 
Instead, let’s change the language to a “list of search criteria to 
find credentials acceptable to the callers.”

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/245 using your GitHub account

Received on Wednesday, 2 November 2016 20:30:38 UTC