Re: [webauthn] Add notion of forbidding resident credential creation (#1149) from David Waite via GitHub on 2019-06-13 (public-webauthn@w3.org from June 2019)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Thu, 13 Jun 2019 04:02:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-501539983-1560398554-sysbot+gh@w3.org>

If the goal is RP UX that prevents asking for a PIN, the change should be in WebAuthn - to forbid creating credentials that will require a PIN (or perhaps any form of UV) at authentication time.

Correct me if I'm wrong - CTAP is important, but it does not preclude other roaming authenticator specifications in the future, and also does not dictate platform authenticator behavior. It also isn't the spec that a RP should be looking at for WebAuthn API behavior.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1149#issuecomment-501539983 using your GitHub account

Received on Thursday, 13 June 2019 04:02:38 UTC