[webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Should an RP be able to provide finer grained authenticator filtering in attestation options? ==
The use case in mind is when an RP is required to enforce attestation-based registration requirements. Why not allow the RP to suggest in attestation options a richer set of acceptable authenticator properties? 

An extreme here might be an AAGUID allow-list; however, there are other scenarios, such as allowing an RP to express that it does not wish to leverage passkeys. If the RP is able to provide these types of constraints up front in attestation options it would permit a more streamlined client UX during registration flows.


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 21 December 2021 22:30:39 UTC
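
An added example, not part of the issue or of the WebAuthn project's code: the AAGUID allow-list check an RP can run today only after the registration ceremony has completed, which is the step the issue proposes to signal up front. The function names, allow-list entry and sample authenticator data are constructed for illustration, and the attestation statement is assumed to have been verified separately.

```javascript
// Added example: all names and sample values below are constructed for illustration.
const FLAG_AT = 0x40; // "attested credential data included" bit in the flags byte

// Format 16 raw AAGUID bytes as the usual 8-4-4-4-12 hex string.
function formatAaguid(bytes) {
  const h = Buffer.from(bytes).toString('hex');
  return `${h.slice(0, 8)}-${h.slice(8, 12)}-${h.slice(12, 16)}-${h.slice(16, 20)}-${h.slice(20)}`;
}

// Authenticator data layout:
// rpIdHash (32) | flags (1) | signCount (4) | aaguid (16) | credIdLen (2) | credId | publicKey
function extractAaguid(authData) {
  if (authData.length < 37) throw new Error('authenticator data too short');
  const flags = authData[32];
  if ((flags & FLAG_AT) === 0) return null; // no attested credential data present
  if (authData.length < 55) throw new Error('truncated attested credential data');
  const credIdLen = authData.readUInt16BE(53);
  if (authData.length < 55 + credIdLen) throw new Error('credential id exceeds buffer');
  return formatAaguid(authData.subarray(37, 53));
}

// Policy decision made server-side, after the user has already completed the ceremony.
// Assumption: the attestation statement was verified elsewhere, so the AAGUID is trustworthy.
function checkRegistration(authData, allowedAaguids) {
  const aaguid = extractAaguid(authData);
  if (aaguid === null) return { accepted: false, reason: 'no attested credential data' };
  if (!allowedAaguids.has(aaguid)) return { accepted: false, reason: `AAGUID ${aaguid} not allowed` };
  return { accepted: true, aaguid };
}

// Constructed authenticator data; default flags are UP | UV | AT (0x45).
function buildSampleAuthData(aaguidHex, flags = 0x45) {
  const credId = Buffer.from('0102030405060708', 'hex');
  const len = Buffer.alloc(2);
  len.writeUInt16BE(credId.length);
  return Buffer.concat([
    Buffer.alloc(32, 0xaa),          // placeholder rpIdHash
    Buffer.from([flags]),
    Buffer.alloc(4),                 // signCount = 0
    Buffer.from(aaguidHex, 'hex'), len, credId,
    Buffer.from('a0', 'hex'),        // placeholder: empty CBOR map instead of a COSE key
  ]);
}

const ALLOWED = new Set(['00112233-4455-6677-8899-aabbccddeeff']); // constructed allow-list
console.log(checkRegistration(buildSampleAuthData('00112233445566778899aabbccddeeff'), ALLOWED));
console.log(checkRegistration(buildSampleAuthData('ffffffffffffffffffffffffffffffff'), ALLOWED));
```

The second call shows the UX cost the issue describes: the authenticator is rejected only after the user has finished interacting with it.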