W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2019

Re: [webauthn] WIP: More explicitly document use cases. (#1300)

From: balfanz via GitHub <sysbot+gh@w3.org>
Date: Tue, 19 Nov 2019 08:42:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-555395196-1574152949-sysbot+gh@w3.org>
Thanks for putting this together. It seems to me, though, that there are even more variations of parameters to consider, which map to more and/or other use cases. For example:

- What kind of attestation is requested (none vs indirect vs direct) may affect whether the RP can "inventory" their authenticators (i.e., imagine an RP that wants to ensure users use authenticators from a defined inventory).

- Whether or not the RP uses the hmacCreateSecret extension affects whether the credential/authenticator can be used to unlock devices.

- Whether or not the RP uses the credProtect extension, and which of its possible six values it selects, affects whether the authenticator can be used in certain tap-to-sign-in scenarios.

These are just off the top of my head - there might be more parameters or other extensions that also induce separate use cases that RPs may want to consider.

GitHub Notification of comment by balfanz
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1300#issuecomment-555395196 using your GitHub account
Received on Tuesday, 19 November 2019 08:42:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:08 UTC