
Re: [webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered (#991)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 Mar 2019 19:40:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-477742775-1553802054-sysbot+gh@w3.org>
RP may have an active preference for non-RK.

Christiaan wants it so that PIN doesn't happen as that is where the **_general_** consensus is in the FIDO community. But that should not be an absolute requirement, IMO, for the authenticators. An authenticator may want to always do user verification because of security levels or differentiation or whatever.

Another RP may actually want it because it is creating a bunch of credentials and storage is limited. So he may actually prefer non-RK. But from the authenticator's side, in some cases, there is no issue with storage or it can't/doesn't want to do non-resident keys. So we have to allow that also.

RP wants one variable, which works across all kinds of authenticators. Hence the fallback mechanism.


-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-477742775 using your GitHub account
Received on Thursday, 28 March 2019 19:40:57 UTC
