Re: [webauthn] fix #403: user handle - account relationship

thx @emlun .  Given our short timeframe for PropRec, perhaps we can just delete the Note from this PR,  not do PR #1053 (for now), and merge the remainder of the clarification of the user handle definition (as it presently is), and punt the subtleties to REC or Level 2 ?

in any case, WRT subtleties:
 I'm thinking that an _additional_ counterpoint is that an RP may wish to allow users to create multiple credentials on the same authnr (a platform authnr, say) that map to the same RP user account.  More generally, unless I'm misunderstanding things, it is an RP's decision whether to map user handle and RP user account as 1:1 or n:1. In the former case the RP could have the user handle equal RP user account identifier, in the latter case the RP would not.  Is this possible for RPs to do now if they wish?  Admittedly this is an edge case (?).

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1052#issuecomment-420722888 using your GitHub account

Received on Wednesday, 12 September 2018 17:00:58 UTC