Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Dec 2021 01:13:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1000594906-1640308402-sysbot+gh@w3.org>

@sbweeden that is how I understand it as well.

I believe there is only one credentialID with two public keys per device.

So if the user has three devices, the RP stores one CredentialID and four related public keys.

One for the passkey and one for each of the devices.

It will be a major change for RPs that want to keep using device-bound credentials.

I am not necessarily arguing against this approach, but we need to be honest and realistic about the impact on enterprises and regulated entities.

My concern is those organisations will just ban all platform authenticator AAGUIDs for however many years it will take them to update the backends.



-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1000594906 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 December 2021 01:13:25 UTC