- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 25 May 2017 17:31:20 +0000
- To: public-webauthn@w3.org
@AngeloKai this is a really good question. Offhand, it would seem to me to be a topic for "WebAuthn Deployment Considerations" (which presently we lump in into "implementation considerations" aka [[doc:impl-cons](https://github.com/w3c/webauthn/labels/doc%3Aimpl-cons)]) An obvious approach for the corp acquisition use case that you outlined would be for the being-acquired webapp to work with the acquiring-webapp to effect overall cross-webapp flows such that when visiting the being-acquired webapp, users are put through a flow having them register with the acquiring-webapp. Such machinations would need to handle all credential types (i.e., the union of types defined by CredMan & WebAuthn) because most all existing webapps will have to handle a mix of cred types for the foreseeable future. Nominally this topic could addressed in an Impl Cons subsection. It perhaps ought to be discussed overall in CredMan (cc @mikewest @battre), with per-Cred Type particulars discussed in impl-cons sections of particular cred types (eg in webauthn impl-cons) [ note that this issue is another example of a "we ought to think about this..." issue, as discussed in https://github.com/w3c/webauthn/issues/176#issuecomment-303894095 ] -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/458#issuecomment-304071601 using your GitHub account
Received on Thursday, 25 May 2017 17:31:27 UTC