[webauthn] How "preferred" is a "preferred" resident key (#1463)

From: Christiaan Brand via GitHub <sysbot+gh@w3.org>
Date: Fri, 31 Jul 2020 20:27:26 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-670194298-1596227244-sysbot+gh@w3.org>
christiaanbrand has just created a new issue for https://github.com/w3c/webauthn:

== How "preferred" is a "preferred" resident key ==
Now that we have the residentKey tri-state {discouraged, preferred, required} implemented, we should define what "level of preferredness" preferred actually means so that users have a consistent experience across client platforms.

There are multiple options:
i) We’ll always create a resident key, even if we have to guide the user in setting up a PIN first.
ii) If internal-UV or a PIN is already configured, we’ll prompt for a PIN / do UV and, if successful, create a resident key.

I'd like to vote that we do (i) where possible, and on devices (such as phones where we can't guide the user through PIN setup today) we do (ii), but with the intent to move to (i) in the long run.

What do folks think about this? Can we make a PR to tighten this up in the spec?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1463 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 31 July 2020 20:27:27 UTC
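
The two options in the message above, and the proposed mix of them, modelled as a decision function. This is an added example, not part of the original message or of any browser or spec code. The function, policy names ("i", "ii", "vote"), device fields, and the fallback to a non-resident key when "preferred" cannot be satisfied are all assumptions made for illustration.

```javascript
// Added illustration: every name here is hypothetical, not spec or browser API.
// device: { uvOrPinConfigured, canGuidePinSetup, uvSucceeds } (constructed model)
function resolveResidentKey(residentKey, policy, device) {
  const steps = [];
  if (residentKey === "discouraged") return { resident: false, steps };

  // The vote in the message: (i) where PIN setup can be guided, else (ii).
  let effective = policy;
  if (policy === "vote") effective = device.canGuidePinSetup ? "i" : "ii";

  let ready = device.uvOrPinConfigured;
  // Option (i): guide the user through PIN setup when nothing is configured.
  const mustTry = effective === "i" || residentKey === "required";
  if (!ready && mustTry && device.canGuidePinSetup) {
    steps.push("guide-pin-setup");
    ready = true;
  }
  // Both options: prompt for PIN / do UV, create a resident key on success.
  if (ready) {
    steps.push("verify-user");
    if (device.uvSucceeds) return { resident: true, steps };
  }
  // "required" has no fallback. For "preferred" the fallback to a
  // non-resident key is an assumption; the message does not spell it out.
  if (residentKey === "required") return { resident: false, failed: true, steps };
  return { resident: false, steps };
}

// Constructed sample: the same unconfigured security key on two platforms.
const desktop = { uvOrPinConfigured: false, canGuidePinSetup: true, uvSucceeds: true };
const phone = { uvOrPinConfigured: false, canGuidePinSetup: false, uvSucceeds: true };

// Shows where "preferred" yields different credentials on different clients.
function compare(residentKey) {
  const out = {};
  for (const policy of ["i", "ii", "vote"]) {
    out[policy] = {
      desktop: resolveResidentKey(residentKey, policy, desktop).resident,
      phone: resolveResidentKey(residentKey, policy, phone).resident,
    };
  }
  return out;
}

console.log(compare("preferred"));
```

For a relying party, the practical consequence is that the same `residentKey: "preferred"` request can produce a discoverable credential on one client and a server-side credential on another, so username-less sign-in cannot be assumed after registration.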
