- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Fri, 23 Sep 2016 22:21:33 +0000
- To: public-webauthn@w3.org
Two concerns with this: 1. What should an authenticator with onboard storage do if a caller creates a credential without this option, then asks for an assertion without specifying a credential ID? In that case the authenticator will have nothing to show in its chooser UI. 2. Our solution to the "train in a tunnel" scenario of creating orphaned credentials was to say that the authenticator will not create multiple credentials for the same account ID. If we make the account ID optional this becomes a lot more complicated. Would it just be better to always have this information from the caller, even if it was not always needed? It's not clear to me that going for argument-level minimalism here is worth the added complexity to both web developers and implementers from making this optional. -- GitHub Notification of comment by vijaybh Please view or discuss this issue at https://github.com/w3c/webauthn/issues/219#issuecomment-249316193 using your GitHub account
Received on Friday, 23 September 2016 22:21:52 UTC