Re: [webauthn] Contradiction in whether user handle is required

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Dec 2017 17:02:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-351116398-1513098174-sysbot+gh@w3.org>
The RP is required to provide the user handle when creating a new credential: https://github.com/w3c/webauthn/pull/558#issuecomment-331535523
So I do think it makes sense to drop "optional" here. U2F devices will ignore it, and as that comment points out they won't be expected to return it since they're always used in 2nd factor mode.

However, I think that also means we need to change [authenticatorGetAssertion step 13][aga] and up the stack to include this behaviour.

[aga]: https://w3c.github.io/webauthn/#authenticatorGetAssertion-return-values

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/720#issuecomment-351116398 using your GitHub account
Received on Tuesday, 12 December 2017 17:04:48 UTC
