W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] user id should be returned in get()

From: christiaanbrand via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Sep 2017 14:26:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-329184694-1505312753-sysbot+gh@w3.org>
CredentialID is also PII. I'm not sure there's any difference in something that's in plaintext or need to be looked up in a DB (by the RP). Most RPs (including Google) can't key off of CredentialID and requiring this will be a major impediment to implementing this protocol (not only for us).

-- 
GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/556#issuecomment-329184694 using your GitHub account
Received on Wednesday, 13 September 2017 14:25:58 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC