- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Dec 2017 14:44:13 +0000
- To: public-webauthn@w3.org
Summary of currently proposed changes: - `AuthenticatorAssertionResponse.userHandle` is now nullable. - The authenticator MAY now skip storing the user handle for credentials that do not have a client-side-resident credential private key. (CTAP [currently does this][ctap]) - The authenticator now always returns the user handle if it is available. - The client now returns `userHandle: null` if the authenticator did not return the user handle. However it looks like CTAP is internally inconsistent: the `user` argument to authenticatorMakeCredential is stored only for resident keys, but the `user` attribute is required in the authenticatorGetAssertion response... [ctap]: https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#h3_authenticatorMakeCredential -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-353873633 using your GitHub account
Received on Monday, 25 December 2017 14:44:15 UTC