Re: [webauthn] Fix #720: Don't return user handle in 2nd factor mode from Akshay Kumar via GitHub on 2017-12-21 (public-webauthn@w3.org from December 2017)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Dec 2017 17:14:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-353406007-1513876448-sysbot+gh@w3.org>

Let me give you our example.

We have a distributed server environment and is doing credentialID based lookup. We use user id as a helper for lookup in this distributed environment for scalability purposes. The response server is not the same as request server. And that is why, userId is a helpful to us even in a second factor case. 

As this is not optional in CTAP spec, I see no reason for WebAuthN to hide this information. 

I am closing this. Please reopen if someone does not agree. 

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-353406007 using your GitHub account

Received on Thursday, 21 December 2017 17:14:14 UTC