[webauthn] Multiple Credentials in a single Enrollment (#1603)

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Multiple Credentials in a single Enrollment ==
A thing for the future maybe...

For payment systems there is a need to support multiple payment instruments because an Issuer may want to support international card networks as well as national or regional payment networks.
Although you could link multiple payment instruments to a single credential, this creates another dimension in both the RP and the local credential database.  Therefore it seems preferable to enroll multiple credentials in a (for the user) single step.

An issue that could arise is that the user would have to provide multiple authenticator gestures (and maybe PINs as well) which adds "fuzz" to the process.

Yet another issue is that you might at the same time want to deploy related credentials that do not necessarily require explicit user authorization.  An example of that is credentials that are dedicated to lookup tasks like account balance requests.

<hr>

In a system predating FIDO, this is accomplished by a session-based credential management scheme where only the session key is attested, while authenticator- and key-creation have distinct session-based API methods.  To avoid leaving a credential container in a potentially incomplete (useless) state, the credential management process (session) is atomic.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1603 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 22 April 2021 09:14:40 UTC