W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Plumb User ID through

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Sep 2017 10:08:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331407254-1506074869-sysbot+gh@w3.org>
CredentialID are supposed to be globally unique. Without that, these cannot be used as globally index in the database and that's how MS has implemented it being very privacy oriented where we are not using userid. You cannot have single byte key index. We should define a minimum length for credential ID length and its randomness if there is any confusion.

If RP's sees a duplicate during makeCredential time and are having a global index based on credentialID  they should reject the registration and start again.

GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/558#issuecomment-331407254 using your GitHub account
Received on Friday, 22 September 2017 10:07:54 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC