W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Plumb User ID through

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Sat, 23 Sep 2017 05:38:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-331612354-1506145068-sysbot+gh@w3.org>

>Remember this whole deal is _only_ about resident-credentials. [...] it should explicitly not be present if the keypair is being used as a second factor.
>[...] authenticators should never return userid (or any account info for that matter) when a signature was requested using a CredentialID [this means it's being used as a second factor].

Ah, those pieces of context had gone right over my head. In that case it makes sense. Sorry for making a fuss.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/558#issuecomment-331612354 using your GitHub account
Received on Saturday, 23 September 2017 05:37:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC