- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Nov 2020 20:30:45 +0000
- To: public-webauthn@w3.org
It would be good if we could understand the reasons. Most platforms intend to have a platform level authenticator. If the credentials in the PWA are not globally available to other browsers and native apps I would see this potentially causing fragmentation and user confusion. Also while I have nothing against PWA a native platform authenticator can use HW backed key protection and may have other security advantages, on the other hand, A PWA would be better than a password. So it is hard to say how much effort should go into this without fully understanding the use case. Also Duo is separately proposing a HTTPS based CTAP transport that would allow a native app to be paired with the platform as an authenticator, even across platforms. John B. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1514#issuecomment-725645687 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 11 November 2020 20:30:46 UTC