Re: [webauthn] credentialList needs to be non-empty in order to call authenticatorGetAssertion from Rolf Lindemann via GitHub on 2017-06-06 (public-webauthn@w3.org from June 2017)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Jun 2017 15:55:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-306531996-1496764555-sysbot+gh@w3.org>

I didn't invent the "platform-specific" procedure - it was there before.
I think such platform specific procedure works fine for bound authenticators.
At this time I don't see a functionality in CTAP that would allow any platform implementing such procedure for roaming authenticators.

As a consequence I think the best thing a platform can do in such case is sending an empty credential list to the (roaming) authenticator.
According to the web authn spec on authenticatorGetAssertion the authenticator can handle empty credential lists.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/481#issuecomment-306531996 using your GitHub account

Received on Tuesday, 6 June 2017 15:56:02 UTC