W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] keyType: "public-key" is superfluous

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 03 Oct 2017 00:12:32 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-333701010-1506989538-sysbot+gh@w3.org>
@balfanz wrote:
> User goes to paypal.com on their laptop, and types their username ... 
yes (if that is a system whose local storage was cleared or is a system the user has not used before) and then the RP's client-side webapp ought to be able to determine there's a roaming (aka external) authnr in range/connected and give it a try over CTAP2. The existing FIDO (UAF) credential is employed and the user signed-in on the browser on laptop. In the future they can just use their roaming-phone-external authnr with whatever CTAP2-enabled device without necessarily entering their username (modulo RP webapp sophistication).

That said, more generally, i think it would be a mistake to remove the `type` attribute (aka "assertion type" as @rlin1 proposes) in [`PublicKeyCredentialDescriptor`](https://github.com/w3c/webauthn/blob/14c2733ca6a4a9568e4c48fef1b870448818e811/index.bs#L1406) and in [`PublicKeyCredentialParameters`](https://github.com/w3c/webauthn/blob/14c2733ca6a4a9568e4c48fef1b870448818e811/index.bs#L1080) as it is an extension point.   


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/554#issuecomment-333701010 using your GitHub account
Received on Tuesday, 3 October 2017 00:12:23 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC