[webauthn] Clarify which user to authenticate if userHandle is not present from milesstoetzner via GitHub on 2018-09-20 (public-webauthn@w3.org from September 2018)

From: milesstoetzner via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Sep 2018 11:14:55 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-362139295-1537442095-sysbot+gh@w3.org>

milesstoetzner has just created a new issue for https://github.com/w3c/webauthn:

== Clarify which user to authenticate if userHandle is not present ==
Maybe one should clarify Step 2 of [Verifying an authentication assetion](https://www.w3.org/TR/webauthn/#verifying-assertion) for the case, that userHandle is not present:

>2. If credential.response.userHandle is present, verify that the user identified by this value is the owner of the public key credential identified by credential.id.
**If credential.response.userHandle is not present, the owner of the public key credential identified by credential.id is the user to authenticate.**

Greetings, 
Miles

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1078 using your GitHub account

Received on Thursday, 20 September 2018 11:14:57 UTC