W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2019

Re: [webauthn] Add notion of forbidding resident credential creation (#1149)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Thu, 13 Jun 2019 04:02:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-501539983-1560398554-sysbot+gh@w3.org>
If the goal is RP UX that prevents asking for a PIN, the change should be in WebAuthn - to forbid creating credentials that will require a PIN (or perhaps any form of UV) at authentication time.

Correct me if I'm wrong - CTAP is important, but it does not preclude other roaming authenticator specifications in the future, and also does not dictate platform authenticator behavior. It also isn't the spec that a RP should be looking at for WebAuthn API behavior.

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1149#issuecomment-501539983 using your GitHub account
Received on Thursday, 13 June 2019 04:02:38 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:37 UTC