W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Plumb User ID through

From: Christiaan Brand via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Sep 2017 17:33:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-330924503-1505928789-sysbot+gh@w3.org>
Sure. But only the actual RP will get it back, and if you have the credential ID (and can masquerade as the RP) you already have the corresponding account, right? Do we really need to limit this?

GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/558#issuecomment-330924503 using your GitHub account
Received on Wednesday, 20 September 2017 17:33:48 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC