Re: [webauthn] Supply an “intention" member in PublicKeyCredentialCreationOptions dictionary (#1292) from Lucas Garron via GitHub on 2019-09-04 (public-webauthn@w3.org from September 2019)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Sep 2019 20:31:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528074093-1567629068-sysbot+gh@w3.org>

While there are lots of knobs in the spec (user verification, platform auth, resident key), this kind of intention is definitely a useful abstraction from a website implementation — a lot of our work at GitHub involved trying to map the knobs onto recommended values for this "intention" abstraction.

One additional thought I have is that I've heard "passwordless" used to describe "usernameless" (used for both identification and auth factor) as well as "only replacing password/MFC" (used for auth but not identification). It would be useful if the spec made easier to navigate those.

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292#issuecomment-528074093 using your GitHub account

Received on Wednesday, 4 September 2019 20:31:11 UTC