- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 01 Mar 2019 21:25:13 +0000
- To: public-webauthn@w3.org
on 27-Feb-2019, @christiaanbrand replied in email rather than here: MS made a case for not doing that. The idea was: 1. Token contains some blob which says "for which" RPs individual attestation might be required 2. Upon registration, token sends blob to browser. Browser interprets it. Might show additional UI telling user what they're about to do. 3. If browser is happy, it'll set the "ep" bit in CTAP. Maybe we want that in conjunction with the "EP" flag in WebAuthn too. Dunno. We have a use case where for the same RPID, sometime we want ep, and sometimes we don't. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1147#issuecomment-468816910 using your GitHub account
Received on Friday, 1 March 2019 21:25:14 UTC