W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2018

[webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Jul 2018 13:49:46 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-340250832-1531316984-sysbot+gh@w3.org>
sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Indicate resident key credential "preferred" during registration and find out what the authenticator offered ==
I'd like to revisit the scenario I was trying to achieve in the (now close) issue #987 

Why can't the "requireResidentKey" authenticator selection criteria be a value like "preferred", "required" or "never" instead of a boolean true/false? In addition the registration response could indicate residentKey true/false as a flag similar to the userPresent and userVerified flags, or in an extension.

That way, without knowing ahead of time if an authenticator is capable of resident key (even a portable security key), the relying party could request it with fallback to derived credential (without a hard error), then notify the user of what actually happened and therefore what scenarios their key might be used for (replacement for regular username/password authentication, or only 2nd-factor scenarios)?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991 using your GitHub account
Received on Wednesday, 11 July 2018 13:49:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC