Re: [webauthn] Enable RP to choose authenticators based on key storage capability from Angelo Liao via GitHub on 2017-03-22 (public-webauthn@w3.org from March 2017)

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Wed, 22 Mar 2017 18:56:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-288503842-1490209006-sysbot+gh@w3.org>

@jyasskin I thought about making cred ID optional before. However, the challenge is that if ID is not required, the allowList as of today is basically useless. I think when Vijay mentioned empty allowList, he meant that the RP doesn't add the allowList parameter in option. If an RP trusts the authenticator to find credentials just based on RP ID, the RP would just not pass in allowList. 

-- 
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/378#issuecomment-288503842 using your GitHub account

Received on Wednesday, 22 March 2017 18:56:53 UTC