W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2016

Re: [webauthn] Move account argument to options

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Fri, 23 Sep 2016 22:21:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-249316193-1474669291-sysbot+gh@w3.org>
Two concerns with this:
1. What should an authenticator with onboard storage do if a caller 
creates a credential without this option, then asks for an assertion 
without specifying a credential ID? In that case the authenticator 
will have nothing to show in its chooser UI.
2. Our solution to the "train in a tunnel" scenario of creating 
orphaned credentials was to say that the authenticator will not create
 multiple credentials for the same account ID. If we make the account 
ID optional this becomes a lot more complicated.

Would it just be better to always have this information from the 
caller, even if it was not always needed? It's not clear to me that 
going for argument-level minimalism here is worth the added complexity
 to both web developers and implementers from making this optional.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/219#issuecomment-249316193 
using your GitHub account
Received on Friday, 23 September 2016 22:21:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC