Re: [webauthn] Personal information updates & webauthn (#1456)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Fri, 02 Jul 2021 05:44:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-872733241-1625204672-sysbot+gh@w3.org>

@bathos some of the inconsistencies are from the transactional nature of the commands and that there is no guarantee that the 'visible' set of authenticators/keys will be there in-between calls.

For example, attempting to update the username associated with a credential or delete a credential might involve an NFC key which the user does not have with them at the moment, or even that they may be on a machine without NFC capabilities.

The UX impact of this is brought forth even more due to non-discoverable credentials not existing in an enumerable fashion outside a list of supplied credential handles, and that allowing RP enumeration of the list of available discoverable and non-discoverable credentials is a privacy risk in general.

My expectation personally is that we see WebAuthn evolve to indicate broader actions, and to have the client (browser/platform) taking on more responsibility to mediate RP requests - the client has persistent state across all RPs and hardware/platform access to communicate with authenticators.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1456#issuecomment-872733241 using your GitHub account

Received on Friday, 2 July 2021 05:44:35 UTC