You're right that the user handle has much the same function as a credential ID in terms of identifying the user. A big reason why the user handle was added is that the credential ID is created by the authenticator, which makes it undesirable to use it as a database index in some cases. The user handle is instead created by the RP, so using that gives the RP greater control of its database indices. >am unsure how the userHandle attribute should be, as there seems to be some conflicting information @sachaw Would you mind pointing out some of that conflicting information? That seems like something we should get fixed. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1385#issuecomment-596420055 using your GitHub accountReceived on Monday, 9 March 2020 09:28:06 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC