Re: [webauthn] credentialList needs to be non-empty in order to call authenticatorGetAssertion

I didn't invent the "platform-specific" procedure - it was there before.
I think such platform specific procedure works fine for bound authenticators.
At this time I don't see a functionality in CTAP that would allow any platform implementing such procedure for roaming authenticators.

As a consequence I think the best thing a platform can do in such case is sending an empty credential list to the (roaming) authenticator.
According to the web authn spec on authenticatorGetAssertion the authenticator can handle empty credential lists.

GitHub Notification of comment by rlin1
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 6 June 2017 15:56:02 UTC