- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 18 Oct 2016 15:20:46 +0000
- To: public-webauthn@w3.org
@vijaybh wrote: > Isn't (b) implied already by the various flows? For instance the processing step that was cited in #234 requires the RP to be able to look up an account/identity using a credential ID. There is no way to do this unambiguously if you allow a single credential ID to map to multiple accounts. sure, tho note that that processing step is just an example of how an RP might structure their use of the webauthn api. > That said, I don't see why this is a requirement of the API. If an RP wants to do this and make their own life difficult, more power to them. Maybe they are going to use it as a way to provide redundancy between two equivalent accounts, I don't know. If we say nothing more on this topic, what would be the harm? I suspect what @smachani1 was originally soliciting is more "implementation guidance" wrt the various possibilities of cred-to-account mapping permutations. I'll leave open, add to the set of "impl considerations" issues, and punt this to CR milestone for now. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/12#issuecomment-254541624 using your GitHub account
Received on Tuesday, 18 October 2016 15:20:54 UTC