W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

Re: [webauthn] Indicate resident key credential "preferred" during registration and find out what the authenticator offered (#991)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 Mar 2019 19:40:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-477742775-1553802054-sysbot+gh@w3.org>
RP may have active preference for non-RK. 

Christiaan wants it so that PIN doesn't happen as that is where the **_general_** consensus is in FIDO community. But that should not be a absolute requirement, IMO, for the authenticators . An authenticator may want to do always user verification because of security levels or differentiation or whatever.

Another RP may actually want it because, it is creating a bunch of credentials and storage is limited. So he may actually prefer non-RK. But from authenticators side, in some cases, there is no issue with storage or it can't/don't want to do non-resident keys. So we have to allow that also. 

RP wants one variable, which works across all kind of authenticators. Hence the fallback mechanism. 

GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-477742775 using your GitHub account
Received on Thursday, 28 March 2019 19:40:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:03 UTC