- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 10 Feb 2021 12:30:48 +0000
- To: public-webauthn@w3.org
> More to the point, there is no way to tell from a successful get response whether the authenticator would satisfy isUserVerifyingPlatformAuthenticatorAvailable() in a fresh browser profile, right? Yes, In fresh browser profile, you don't know which machine it is. And for privacy reasons, we cannot expose this information over the web. > I own at least one user-verifying authenticator that is not a platform authenticator, and Yubico has already announced they will sell one. There are many user-verifying authenticators that are not a platform authenticators and Yubico already sells one. May be you are confusing fingerprint based authenticators with user-verifying based authenticators. user verifying authenticators also consists of authenticators which are local PIN based. I have many user-verifying authenticators types. Some are local PIN based. Some are fingerprint based. Overall for this issue, Windows has no plans to support non-discoverable credentials. And if RP does not want credentials to be overwritten, they should provide an exclude list with all the credentials. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1569#issuecomment-776674647 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 10 February 2021 12:30:51 UTC