W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2016

[webauthn] Move `allowList` from optional to default on `getAssertion`

From: bifurcation via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Sep 2016 06:38:02 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-179691581-1475044681-sysbot+gh@w3.org>
bifurcation has just created a new issue for 

== Move `allowList` from optional to default on `getAssertion` ==
The relying party cannot use an assertion from a credential for which 
it does not have the public key.  So the API should only allow an RP 
to `getAssertion` from a credential whose ID it provides.  This just 
requires moving `allowList` from the `options` argument to 
`getAssertion` to the main method signature.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/221 using your GitHub account
Received on Wednesday, 28 September 2016 06:38:29 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC