Re: [webauthn] Enable web developers to migrate keys from one domain to another

@AngeloKai this is a really good question.  Offhand, it would seem to me to be a topic for "WebAuthn Deployment Considerations"  (which presently we lump in into "implementation considerations" aka [[doc:impl-cons](])

An obvious approach for the corp acquisition use case that you outlined would be for the being-acquired webapp to work with the acquiring-webapp to effect overall cross-webapp flows such that when visiting the being-acquired webapp, users are put through a flow having them register with the acquiring-webapp.  Such machinations would need to handle all credential types (i.e., the union of types defined by CredMan & WebAuthn) because most all existing webapps will have to handle a mix of cred types for the foreseeable future. 

Nominally this topic could addressed in an Impl Cons subsection.  It perhaps ought to be discussed overall in CredMan  (cc @mikewest @battre), with per-Cred Type particulars discussed in impl-cons sections of particular cred types (eg in webauthn impl-cons)

[ note that this issue is another example of a "we ought to think about this..." issue, as discussed in ]

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Thursday, 25 May 2017 17:31:27 UTC