- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 Mar 2019 19:40:55 +0000
- To: public-webauthn@w3.org
An RP may have an active preference for non-RK. Christiaan wants it so that PIN doesn't happen, as that is where the **_general_** consensus is in the FIDO community. But that should not be an absolute requirement, IMO, for the authenticators. An authenticator may want to always do user verification because of security levels or differentiation or whatever. Another RP may actually want it because it is creating a bunch of credentials and storage is limited. So he may actually prefer non-RK. But from the authenticator's side, in some cases, there is no issue with storage, or it can't/doesn't want to do non-resident keys. So we have to allow that also. The RP wants one variable which works across all kinds of authenticators. Hence the fallback mechanism.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-477742775 using your GitHub account
Received on Thursday, 28 March 2019 19:40:57 UTC