W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Supply an “intention" member in PublicKeyCredentialCreationOptions dictionary (#1292)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Sep 2019 20:31:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528074093-1567629068-sysbot+gh@w3.org>
While there are lots of knobs in the spec (user verification, platform auth, resident key), this kind of intention is definitely a useful abstraction from a website implementation — a lot of our work at GitHub involved trying to map the knobs onto recommended values for this "intention" abstraction.

One additional thought I have is that I've heard "passwordless" used to describe "usernameless" (used for both identification and auth factor) as well as "only replacing password/MFC" (used for auth but not identification). It would be useful if the spec made easier to navigate those.

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292#issuecomment-528074093 using your GitHub account
Received on Wednesday, 4 September 2019 20:31:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:07 UTC