W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

Re: [webauthn] Fix #720: Don't return user handle in 2nd factor mode

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Dec 2017 17:14:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-353406007-1513876448-sysbot+gh@w3.org>
Let me give you our example.

We have a distributed server environment and is doing credentialID based lookup. We use user id as a helper for lookup in this distributed environment for scalability purposes. The response server is not the same as request server. And that is why, userId is a helpful to us even in a second factor case. 

As this is not optional in CTAP spec, I see no reason for WebAuthN to hide this information. 

I am closing this. Please reopen if someone does not agree. 

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-353406007 using your GitHub account
Received on Thursday, 21 December 2017 17:14:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:45 UTC