- From: Arshad Noor via GitHub <sysbot+gh@w3.org>
- Date: Thu, 04 Feb 2021 12:33:06 +0000
- To: public-webauthn@w3.org
Hi David (@dwaite) Technically, this is an issue for Authenticator manufacturers who focus on CTAP and may be better of addressed at the FIDO-DEV mailing list on https://fidoalliance.org. Once a credential is created on an Authenticator, the Authenticator does not need to know whether the RP accepted or rejected the registration. Some manufacturers provide tools to help manage those credentials, but there's no standard or guidelines (to the best of my knowledge) on what manufacturers should do about that. I think this is a worthwhile initiative for browser manufacturers to create a Service Provider Interface (SPI) that allows Authenticator manufacturers to plug into it; so any browser that has the SPI can help manage those credentials much as browsers manage Username/Passwords for sites today. But, bringing it to the attention of Authenticator manufacturers in the FIDO-DEV forum might be worthwhile as the FIDO Alliance could also initiate such an effort outside the purview of browser manufacturers. Good luck. -- GitHub Notification of comment by arshadnoor Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1560#issuecomment-773272431 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 4 February 2021 12:33:08 UTC