- From: xialvjun via GitHub <sysbot+gh@w3.org>
- Date: Sun, 25 Feb 2018 17:13:30 +0000
- To: public-webauthn@w3.org
@emlun Thank you very much for this detail explanation. But I still have some tips don't understand: 1. Should the authenticator store the credentials for every site? In other words, if I use a software authenticator and the software is offline(ie it can not sync between different PCs), then when I use this SPEC register an account in a site, I can not use this account when I use another PC unless the two PCs' software authenticators are synced. Is it ? > Or just store only one private key and use some method like `md5(user.private_key + site.origin)` to generate the user identity for the site instantly. I vote to this method because no sync is required. Of course, if people need two or more accounts in just one site, (s)he can have many private keys. 2. `5. That authenticator creates a new credential, stores the website domain and user ID.....`, what if the website change their domain or origin? Like `www.youtube.com and m.youtube.com` and `google.com and alphabet.com`. -- GitHub Notification of comment by xialvjun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/820#issuecomment-368326238 using your GitHub account
Received on Sunday, 25 February 2018 17:13:32 UTC