Re: [webauthn] credentialList needs to be non-empty in order to call authenticatorGetAssertion

Not a duplicate of issue #387 tho closely related I think. I will try to address this in PR #427, if I understand this issue correctly.

A consideration regarding roaming authnrs is that if a roaming authnr is also multi-factor (nee first-factor), then the [credential private key is stored in the authnr's internal storage](https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-authnr-cmds-v1.1-id-20170202.html#first-factor-roaming-authenticator) -- I think this is the rationale behind your 3rd parag where you say:
> our current approach doesn't allow roaming authenticators (i.e. in which the platform doesn't know which credentials are related to the authenticator) 

..yes?

where you say:
> **_without_** expecting it to be used as a second-factor (i.e. in a situation in which the RP server could already provide the credentialList).

Should "**_without_**" actually be "**_unless_**" ?

> We could modify step 13.3 in section 4.1.4 to say:

It seems you are referring to the https://www.w3.org/TR/webauthn/ spec revision?  Might be better to refer to [the editor's draft](https://w3c.github.io/webauthn/). [section 4.1.4](https://w3c.github.io/webauthn/#getAssertion) is `{#getAssertion}`. Tho the step you refer to is now step 15.  




-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/481#issuecomment-305344857 using your GitHub account

Received on Wednesday, 31 May 2017 23:16:02 UTC