- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Dec 2021 01:13:24 +0000
- To: public-webauthn@w3.org
@sbweeden that is how I understand it as well. I believe there is only one credentialID with two public keys per device. So if the user has three devices the RP stores one CredentialID and four related public keys. One for the passkey and one for each of the devices. It will be a major change for RP that want to keep using device bound credentials . I am not necessarily arguing against this approach, but we need to be honest and realistic about the impact on enterprises and regulated entities. My concern is those organisations will just ban all platform authenticator AAGUID for however many years it will take them to update the backends. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1000594906 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 December 2021 01:13:25 UTC