Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

If an RP sent a flag to disable passkeys, would the platform not make the credential on the platform authenticator if that authenticator only supported passkey credentials, and prompt the user to use an external authenticator?

We did add certifications to GetInfo in speculation of browser or RP policy eventually allowing for restricting creation to FIPS 140 or something like that in regulated environments.

I can see providing a list as being useful in some situations, though it would likely add a fair bit of complexity if it is general purpose and may cause more people to shoot themselves in the foot.

I am interested in @agl's take on this.




-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-999762204 using your GitHub account



Received on Wednesday, 22 December 2021 17:55:01 UTC