- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Tue, 18 Oct 2016 01:39:24 +0000
- To: public-webauthn@w3.org
Isn't (b) implied already by the various flows? For instance the processing step that was cited in #234 requires the RP to be able to look up an account/identity using a credential ID. There is no way to do this unambiguously if you allow a single credential ID to map to multiple accounts. That said, I don't see why this is a requirement of the API. If an RP wants to do this and make their own life difficult, more power to them. Maybe they are going to use it as a way to provide redundancy between two equivalent accounts, I don't know. If we say nothing more on this topic, what would be the harm? -- GitHub Notification of comment by vijaybh Please view or discuss this issue at https://github.com/w3c/webauthn/issues/12#issuecomment-254383037 using your GitHub account
Received on Tuesday, 18 October 2016 01:39:33 UTC