Re: [webauthn] WebAPI: FIDO Authenticator model - clarifications needed

@vijaybh wrote:
> Isn't (b) implied already by the various flows? For instance the
> processing step that was cited in #234 requires the RP to be able to
> look up an account/identity using a credential ID. There is no way to
> do this unambiguously if you allow a single credential ID to map to
> multiple accounts.

sure, tho note that that processing step is just an example of how an 
RP might structure their use of the webauthn api.

> That said, I don't see why this is a requirement of the API. If an
> RP wants to do this and make their own life difficult, more power to
> them. Maybe they are going to use it as a way to provide redundancy
> between two equivalent accounts, I don't know. If we say nothing more
> on this topic, what would be the harm?

I suspect what @smachani1 was originally soliciting is more 
"implementation guidance" wrt the various possibilities of 
cred-to-account mapping permutations.

I'll leave open, add to the set of "impl considerations" issues, and 
punt this to CR milestone for now. 



-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/12#issuecomment-254541624
using your GitHub account

Received on Tuesday, 18 October 2016 15:20:54 UTC