W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2021

Re: [webauthn] Support a "create or get [or replace]" credential re-association operation (#1568)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 Feb 2021 23:48:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-782461374-1613778529-sysbot+gh@w3.org>
> on 2021-02-10 call:
> map to L3. noted that a underlying motivation for this is the present lack of Android support for discoverable creds.

I'd like to clarify that this is mostly orthogonal, as far as I'm concerned.

The main issue here is figuring out how to ensure that a new browser profile can get an associated registration for an RP while keeping the process as straightforward as possible for the user (i.e. by handling it all in a single prompt, if possible). Until something like #1545 becomes available, there is no way for the RPs to do anything without potential situations where a prompt is guaranteed to lead to an error even in the "happy path".

This is already an issue for authenticators/browsers that support discoverable credentials (notably, Safari and Windows Hello). Discoverable credentials in Android would be very welcome, but would not directly help with this issue.

I realized recently that a potential point of confusion is that we want GitHub to support UVPA trusted devices for users without "normal 2FA". My comment here might help clarify some things: https://github.com/w3c/webauthn/issues/1566#issuecomment-782444786

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1568#issuecomment-782461374 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 19 February 2021 23:48:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:42 UTC