W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2020

Re: [webauthn] correct usage of userHandle? (#1385)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Mar 2020 09:28:05 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-596420055-1583746083-sysbot+gh@w3.org>
You're right that the user handle has much the same function as a credential ID in terms of identifying the user. A big reason why the user handle was added is that the credential ID is created by the authenticator, which makes it undesirable to use it as a database index in some cases. The user handle is instead created by the RP, so using that gives the RP greater control of its database indices.

>am unsure how the userHandle attribute should be, as there seems to be some conflicting information

@sachaw Would you mind pointing out some of that conflicting information? That seems like something we should get fixed.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1385#issuecomment-596420055 using your GitHub account
Received on Monday, 9 March 2020 09:28:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC