W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2020

Re: [webauthn] correct usage of userHandle? (#1385)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Mar 2020 09:28:05 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-596420055-1583746083-sysbot+gh@w3.org>
You're right that the user handle has much the same function as a credential ID in terms of identifying the user. A big reason why the user handle was added is that the credential ID is created by the authenticator, which makes it undesirable to use it as a database index in some cases. The user handle is instead created by the RP, so using that gives the RP greater control of its database indices.

>am unsure how the userHandle attribute should be, as there seems to be some conflicting information

@sachaw Would you mind pointing out some of that conflicting information? That seems like something we should get fixed.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1385#issuecomment-596420055 using your GitHub account
Received on Monday, 9 March 2020 09:28:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC