- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 25 Oct 2017 04:41:18 +0000
- To: public-webauthn@w3.org
akshayku has just created a new issue for https://github.com/w3c/webauthn:

== Define sensible limits for User and RP Entity to be stored on Authenticator as part of create credential ==

Currently, we have not defined limits to individual fields for User and RP entity to be stored on Authenticator apart from `User.id`, which can be a maximum of 64 bytes. We should define a scheme which can work for both constrained and non-constrained authenticators for a predictable ecosystem. Here is one proposal:

**User Entity:**

- Id: Authenticators MUST support maximum of 64 bytes.
- Name: Authenticators must support minimum 64 UTF8 characters. If RP provides more than 64 UTF8 characters, authenticator optionally can **truncate** how much it wants to store.
- DisplayName: Authenticators MUST support minimum of 64 UTF8 characters. If RP provides more than 64 UTF8 characters, authenticator optionally can **truncate** how much it wants to store.
- Icon: Authenticators MUST support minimum of 128 UTF8 characters. If RP provides more than 128 UTF8 characters, authenticator optionally can **drop** this field altogether. Here truncation does not make sense.

**RP Entity:**

- Id: Authenticators can use HASH of this field as a primary index inside their database. So limit is not really needed. For completeness, we can say maximum 256 UTF characters.
- Name: Authenticators must support minimum 64 UTF8 characters. If RP provides more than 64 UTF8 characters, authenticator optionally can **truncate** how much it wants to store.
- Icon: Authenticators MUST support minimum of 128 UTF8 characters. If RP provides more than 128 UTF8 characters, authenticator optionally can **drop** this field altogether. Here truncation does not make sense.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/660 using your GitHub account
Received on Wednesday, 25 October 2017 04:41:39 UTC
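
The User Entity limits proposed in the message above, as an added example that is not part of the original message or of the WebAuthn specification: a sketch of how a constrained authenticator could apply them when storing a credential. It assumes "UTF8 characters" means Unicode code points, that an over-long user id is rejected, and that the authenticator stores no more than the proposed minimum; all struct, macro and function names are hypothetical.

```c
#include <string.h>

/* Limits from the proposal above; every name in this block is hypothetical. */
#define USER_ID_MAX_BYTES 64
#define NAME_MAX_CHARS    64
#define ICON_MAX_CHARS    128

struct stored_user {
    unsigned char id[USER_ID_MAX_BYTES];
    size_t id_len;
    char name[NAME_MAX_CHARS * 4 + 1];         /* UTF-8: at most 4 bytes per code point */
    char display_name[NAME_MAX_CHARS * 4 + 1];
    char icon[ICON_MAX_CHARS * 4 + 1];         /* "" means the icon was dropped */
};

/* Byte length of the longest prefix of s holding at most max_chars code points.
 * The max_chars * 4 byte cap keeps malformed input inside the buffers above. */
static size_t utf8_prefix_len(const char *s, size_t max_chars)
{
    size_t i = 0, chars = 0;
    while (s[i] != '\0' && i < max_chars * 4) {
        /* Any byte that is not a 10xxxxxx continuation byte starts a code point. */
        if (((unsigned char)s[i] & 0xC0) != 0x80 && chars++ == max_chars)
            break;                 /* stop on a boundary, never mid-sequence */
        i++;
    }
    return i;
}

static void store_truncated(char *dst, const char *src, size_t max_chars)
{
    size_t n = utf8_prefix_len(src, max_chars);
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Returns 0 on success, -1 when the id exceeds 64 bytes (rejecting is an assumption). */
int store_user(struct stored_user *out, const unsigned char *id, size_t id_len,
               const char *name, const char *display_name, const char *icon)
{
    if (id_len > USER_ID_MAX_BYTES) return -1;
    memcpy(out->id, id, id_len);
    out->id_len = id_len;
    store_truncated(out->name, name, NAME_MAX_CHARS);
    store_truncated(out->display_name, display_name, NAME_MAX_CHARS);
    /* An over-long icon is dropped whole rather than truncated. */
    strcpy(out->icon, icon[utf8_prefix_len(icon, ICON_MAX_CHARS)] ? "" : icon);
    return 0;
}
```

Cutting on a code-point boundary keeps the stored name valid UTF-8, which a fixed byte-count cut would not guarantee for multi-byte text.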