- From: Arshad Noor via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Aug 2021 21:49:51 +0000
- To: public-webauthn@w3.org
Please forgive my lack of intimate knowledge about the payments ecosystem, Natalie (@ncthbrt). There are many terms in your use-case that are not clear to me.

> Allow the user to sign in to one or more **institutions**

Are you referring to the Merchant, PSP or the Issuer, here?

> from their **device**.

Are you referring to their mobile device, desktop/laptop or Security Key (aka FIDO Authenticator) here?

> This typically entails entering **credentials**

Which credentials are you referring to here? For passwordless FIDO/WebAuthn authentication, there is nothing for the Consumer to type in.

> Note: Storing these credentials is NOT what we want to use the WebAuthn API for.

The RP that registers a FIDO/WebAuthn credential is required to store some credential-related information - these are not secrets, but some information _has_ to be stored to verify assertions - otherwise, there is no point in using FIDO.

The remaining statements in your flow will become clearer once the meaning of the terms above is clarified.

--
GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-892998260 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 4 August 2021 21:49:53 UTC