- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 10 Feb 2021 12:18:49 +0000
- To: public-webauthn@w3.org
> How safe is it to assume that internal means platform authenticator?

"Internal" means platform authenticator. However, mobiles can also act like a roaming authenticator. So in that case, in addition to "internal", they will also include other transports. Overall it is a **_hint_** for the platform, and RP should store it and pass it back to the platform. However, they should not rely on exact implementation behavior, as those are actually hints.

> is it desirable that the API only allows indirect access to authenticator UV/PA/RK, and using different opt-in mechanisms?

I would be against allowing certain authenticators and not others, if that's what you are asking. In a way, specifying attachment=platform property limits one to platform authenticators, but that was for a special case for registration. For authentication, intentionally, there is no attachment property as a platform can be interacted with via other mechanisms.

--
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1567#issuecomment-776668858 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 10 February 2021 12:18:51 UTC
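
The handling described in the message above (store the reported transports, pass them back to the platform, and derive no authenticator type from them), as an added example that is not part of the original message or of the WebAuthn specification. The record shape, function names and sample values are assumptions made for illustration.

```javascript
// Added example. Record shape, function names and sample values are assumptions.

// Registration: `transports` is what AuthenticatorAttestationResponse.getTransports()
// returned in the browser. Keep every string as-is, including ones this code
// does not recognise; only drop non-strings and duplicates.
function makeCredentialRecord(credentialIdB64url, transports) {
  const list = Array.isArray(transports) ? transports : [];
  return {
    id: credentialIdB64url,
    transports: [...new Set(list.filter((t) => typeof t === "string"))],
  };
}

// Authentication (server side): hand the stored hints back unchanged. No
// platform/roaming decision is derived from them; "internal" can sit next to
// other transports for the same credential.
function buildAllowCredentials(records) {
  return records.map((r) => {
    const d = { type: "public-key", id: r.id };
    if (r.transports.length > 0) d.transports = [...r.transports];
    return d;
  });
}

// Authentication (client side): decode ids into bytes for navigator.credentials.get().
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

function toRequestOptions(challengeB64url, descriptors) {
  return {
    challenge: b64urlToBytes(challengeB64url),
    allowCredentials: descriptors.map((d) => ({ ...d, id: b64urlToBytes(d.id) })),
    // No attachment property is set: as the message notes, authentication has none.
  };
}

// Constructed sample: a phone reporting "internal" plus other transports,
// and a credential for which no transports were reported.
const SAMPLE_RECORDS = [
  makeCredentialRecord("AQIDBA", ["internal", "usb", "future-transport", "usb"]),
  makeCredentialRecord("BQYHCA", undefined),
];
```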