W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2018

[webauthn] Requesting ability to detect if there is an authenticator available which is capable of resident key credential

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Jul 2018 00:55:48 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-339274171-1531097747-sysbot+gh@w3.org>
sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Requesting ability to detect if there is an authenticator available which is capable of resident key credential ==
As a relying-party developer, I would like to be able to detect (before sending a navigator.credentials.create request) if there is an authenticator available that can accept and act on the "requireResidentKey": true authenticatorSelection criteria.

The reason for this is that such an authenticator may be used to support username-less authentication and is in may scenarios more desirable than registering for just 2nd-factor purposes using a derived credential (since such a registration can also be used for step-up or 2nd factor authentication as well).

Without a discovery API to detect this (and potentially other properties of available authenticators), the RP must first try to register with requireResidentKey: true, and if that fails, fallback to 2nd-factor. This has undesirable user experience issues.

The isUserVerifyingPlatformAuthenticatorAvailable is close, but does not cater for portable keys that support requireResidentKey: true.



Please view or discuss this issue at https://github.com/w3c/webauthn/issues/987 using your GitHub account
Received on Monday, 9 July 2018 00:55:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC