W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2021

Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Thu, 23 Dec 2021 19:51:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1000496951-1640289059-sysbot+gh@w3.org>
Shane and I have been talking with Max H in the consumer deployment working group. 

I think he is looking for a simple way for RP to disable passkey without having to completely change all their existing webAuthn logic.   That is I think partially where this request is coming from.

I suspect that @timcappalli is correct and any RP not wanting to accept passkey replication is going to have to do the work to redesign their backend to support that.

Keeping the default hardware-bound keys and making the RP do something to accept passkeys received a negative response at the plenary.

I understand that the desire is for the default to be what platforms consider to be the larger use case.  

GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1000496951 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 23 December 2021 19:51:03 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC