W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2016

Re: [webauthn] WebAPI: FIDO Authenticator model - clarifications needed

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Tue, 18 Oct 2016 01:39:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-254383037-1476754761-sysbot+gh@w3.org>
Isn't (b) implied already by the various flows? For instance the 
processing step that was cited in #234 requires the RP to be able to 
look up an account/identity using a credential ID. There is no way to 
do this unambiguously if you allow a single credential ID to map to 
multiple accounts.

That said, I don't see why this is a requirement of the API. If an RP 
wants to do this and make their own life difficult, more power to 
them. Maybe they are going to use it as a way to provide redundancy 
between two equivalent accounts, I don't know. If we say nothing more 
on this topic, what would be the harm?

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/12#issuecomment-254383037 using
 your GitHub account
Received on Tuesday, 18 October 2016 01:39:33 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC