W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Supply an “intention" member in PublicKeyCredentialCreationOptions dictionary (#1292)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Sep 2019 20:31:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528074093-1567629068-sysbot+gh@w3.org>
While there are lots of knobs in the spec (user verification, platform auth, resident key), this kind of intention is definitely a useful abstraction from a website implementation — a lot of our work at GitHub involved trying to map the knobs onto recommended values for this "intention" abstraction.

One additional thought I have is that I've heard "passwordless" used to describe "usernameless" (used for both identification and auth factor) as well as "only replacing password/MFC" (used for auth but not identification). It would be useful if the spec made easier to navigate those.

GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292#issuecomment-528074093 using your GitHub account
Received on Wednesday, 4 September 2019 20:31:11 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:38 UTC