Re: [webauthn] Prevent browsers from deleting credentials that the RP wanted to be server-side (#1569) from Matthew Miller via GitHub on 2021-04-15 (public-webauthn@w3.org from April 2021)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Thu, 15 Apr 2021 02:27:22 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-820010918-1618453640-sysbot+gh@w3.org>

@lgarron What is the User Story you're trying to engineer a solution to?

From everything I read so far I'm understanding it's something related to handling user login from a "new computer" (new/different browser profile, etc...), but beyond that there're some generalizations that are making it hard to figure out what your exact problem is. Is it some kind of issue related to 2FA-oriented attestation (UP-only, `"none"` attestation) internally generating a discoverable credential that is at risk of being replaced when you try to "upgrade" that user to Passwordless or Usernameless via a "re-registration" (a second attestation requiring UV and direct attestation)?

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1569#issuecomment-820010918 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 15 April 2021 02:27:29 UTC