[webauthn] No way to identify authenticator type whether is is platform or roaming if RP does not specify the type during registration (#1163) from Ki-Eun Shin via GitHub on 2019-02-22 (public-webauthn@w3.org from February 2019)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Fri, 22 Feb 2019 09:08:08 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-413307495-1550826487-sysbot+gh@w3.org>

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== No way to identify authenticator type whether is is platform or roaming if RP does not specify the type during registration ==
If RP does not specify [AuthenticatorAttachment](https://w3c.github.io/webauthn/#enumdef-authenticatorattachment) during registration, depending on the devices or user preferences, user may register the platform authenticator or the roaming authenticator.

From the RP perspective, RP may refer the FIDO metadata with delivered aaguid. But, sometimes aaguid (e.g., non attestation conveyance preference) cannot identify specific authenticator so that RP cannot get the authenticator type.

To provide better UXs for authentication and authentication management, it's nice to deliver such information within the registration process.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1163 using your GitHub account

Received on Friday, 22 February 2019 09:08:10 UTC