Re: [webauthn] remove "required" on ScopedCredentialDescriptor.id

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 25 May 2017 16:33:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-304056745-1495730006-sysbot+gh@w3.org>

@jcjones wrote:
> I could go either way about adding the note to PublicKeyCredentialType to the effect that PublicKeyCredentialDescriptor.id is mandatory for "public-key" types

I'm confused -- which note? By "the note", perhaps you are referring to something said in conversation (e.g. on the webauthn call last week?) ?

Where you say "[PublicKeyCredentialType](https://w3c.github.io/webauthn/#credentialType)" above, did you actually mean "[PublicKeyCredentialDescriptor](https://w3c.github.io/webauthn/#credential-dictionary)" ?

> is mandatory for "public-key" types, because I feel like it's self-evident when you have a key handle. 

So what you are suggesting here is that if the RP does have a credential ID for a cred of type "public-key", it must supply it in the PublicKeyCredentialDescriptor.id, **_regardless of authnr capabilities_** ?

Is this because some authnrs supporting "public-key" creds must be presented with the credential ID to do anything (e.g. U2F authnrs) ?

This is not the case for all authnrs supporting "public-key" creds, yes?

Also, "key handle" is confusing -- that term only occurs in [§ 7.6. FIDO U2F Attestation Statement Format](https://w3c.github.io/webauthn/#fido-u2f-attestation) -- did you intend to say "credential ID" ?

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/245#issuecomment-304056745 using your GitHub account
Received on Thursday, 25 May 2017 16:33:38 UTC