Re: [webauthn] Meaning of missing tokenBinding in ClientCollectedData? from David Waite via GitHub on 2018-05-15 (public-webauthn@w3.org from May 2018)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Tue, 15 May 2018 18:50:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-389274132-1526410238-sysbot+gh@w3.org>

In that case, would it be advantageous to not have two ways to indicate TB is not supported?

The spec does not take a position on whether supporting token binding is recommended for clients which also are supporting web authentication. If so, I would assume that it would be appropriate for clients to need to specify they do not support token binding, rather than have it be implicit by omission.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/907#issuecomment-389274132 using your GitHub account

Received on Tuesday, 15 May 2018 18:50:43 UTC