Re: [webauthn] truncation to 64-byte upper limit doesn't mention character boundaries from Emil Lundberg via GitHub on 2018-07-09 (public-webauthn@w3.org from July 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Jul 2018 08:05:19 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-403394951-1531123518-sysbot+gh@w3.org>

>Is the username (truncated) used for authentication purposes ?

Mostly no - the [`user.name`][name] and [`user.displayName`][displayName] fields are used only by the authenticator to display to the user when picking a credential to use (which happens in only a subset of the use cases), and never returned to the RP after the credential is created. The [`user.id`][id] _is_ returned to the RP and used as an identifier for authentication, but unlike the other two it's defined as an opaque byte array and not a text type.

[name]: https://www.w3.org/TR/webauthn/#dom-publickeycredentialentity-name
[displayName]: https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-displayname
[id]: https://www.w3.org/TR/webauthn/#dom-publickeycredentialuserentity-id

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/973#issuecomment-403394951 using your GitHub account

Received on Monday, 9 July 2018 08:06:07 UTC