[webauthn] Assertion Transports on Authentication Success (#1666) from zakaria ridouh via GitHub on 2021-08-25 (public-webauthn@w3.org from August 2021)

From: zakaria ridouh via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Aug 2021 19:08:08 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-979538215-1629918486-sysbot+gh@w3.org>

z11h has just created a new issue for https://github.com/w3c/webauthn:

== Assertion Transports on Authentication Success ==
In order for a site to know whether a local platform authenticator was used, or whether the user used another device and thus might want to register a local platform authenticator, this is a proposal that a transport field be added to assertion responses on authentication success.

Thus, if the proposed transport field of the assertion is not “internal”, and isUVPAA (i.e a  user-verifying platform authenticator is available [1]) returns true, then sites should have the ability to offer to the user to register the current device's platform authenticator.

(In order to avoid superfluously re-registering devices if the user happened to use a phone or security key to sign in, even though the platform authenticator is already registered, the site may wish to track the registration status of the platform authenticator in local state. If the assertion transport was “internal” then the local state should be set to reflect that.)

Reference: https://github.com/w3c/webauthn/issues/1637
[1] https://w3c.github.io/webauthn/#user-verifying-platform-authenticator

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1666 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 25 August 2021 19:08:09 UTC