[webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered

sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Indicate resident key credential "preferred" during registration and find out what the authenticator offered ==
I'd like to revisit the scenario I was trying to achieve in the (now closed) issue #987

Why can't the "requireResidentKey" authenticator selection criteria be a value like "preferred", "required" or "never" instead of a boolean true/false? In addition the registration response could indicate residentKey true/false as a flag similar to the userPresent and userVerified flags, or in an extension.

That way, without knowing ahead of time if an authenticator is capable of resident key (even a portable security key), the relying party could request it with fallback to derived credential (without a hard error), then notify the user of what actually happened and therefore what scenarios their key might be used for (replacement for regular username/password authentication, or only 2nd-factor scenarios)?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991 using your GitHub account

Received on Wednesday, 11 July 2018 13:49:47 UTC
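
The relying-party flow the issue asks for, as an added example that is not part of the original issue or the spec text: it uses the `residentKey` selection member and the `credProps` client extension defined in WebAuthn Level 2 rather than the exact names proposed above. The function names and the mapping of the issue's "never" to "discouraged" are assumptions.

```javascript
// Added example. Maps the issue's tri-state preference onto the WebAuthn
// Level 2 ResidentKeyRequirement values ("never" -> "discouraged" is an assumption).
const RESIDENT_KEY = new Map([
  ["preferred", "preferred"],
  ["required", "required"],
  ["never", "discouraged"],
]);

// Build the resident-key part of PublicKeyCredentialCreationOptions.
function residentKeyOptions(preference) {
  const residentKey = RESIDENT_KEY.get(preference);
  if (!residentKey) throw new TypeError(`unknown preference: ${preference}`);
  return {
    authenticatorSelection: {
      residentKey,
      // Legacy boolean for clients that only understand the older member.
      requireResidentKey: residentKey === "required",
    },
    // Ask the client to report whether a resident key was actually created.
    extensions: { credProps: true },
  };
}

// Classify what the new credential can be used for, given the object
// returned by PublicKeyCredential.getClientExtensionResults().
function credentialUsage(clientExtensionResults) {
  const rk = clientExtensionResults?.credProps?.rk;
  if (rk === true) return "username-less";  // can replace username/password
  if (rk === false) return "second-factor"; // RP must supply allowCredentials
  return "unknown";                         // client did not report rk
}

// Browser-side use. baseOptions (challenge, rp, user, pubKeyCredParams)
// comes from the relying party's server and is not shown here.
async function register(baseOptions, preference) {
  const extra = residentKeyOptions(preference);
  const publicKey = {
    ...baseOptions,
    authenticatorSelection: {
      ...baseOptions.authenticatorSelection,
      ...extra.authenticatorSelection,
    },
    extensions: { ...baseOptions.extensions, ...extra.extensions },
  };
  const cred = await navigator.credentials.create({ publicKey });
  return credentialUsage(cred.getClientExtensionResults());
}
```

With "preferred", an authenticator that cannot store a resident key still registers without a hard error, and the "unknown" result covers clients that do not return `credProps`.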