- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 31 Oct 2017 12:59:15 +0000
- To: public-webauthn@w3.org
First of all, there's no way to enforce such a requirement - all that would happen by ignoring it would be that one's own users would be confused. Second, it only really needs to be unique between the accounts owned by that user, and reviewing it now after my previous comments made me realize the uniqueness requirement really doesn't matter since the RP won't see the `user.name` again anyway. In fact I think it's better to drop the uniqueness recommendation entirely - the recommendation "SHOULD be easily distinguishable to the user from identifiers for other user accounts" still covers the actual need. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/666#issuecomment-340754380 using your GitHub account
Received on Tuesday, 31 October 2017 12:59:18 UTC