Re: [webauthn] Requesting properties of created credentials. (#1449)

> With platforms introducing support for cross-device credentials, don't we also need/want a mechanism to allow signalling to the platform, on credential creation, that a hardware-backed key is desired?

@eldanb I think what @sbweeden is trying to say is that the spec for webauthn already has these capabilities. What you may be encountering is that sometimes the language used for these things in the spec is quite specific to this spec, and requires some experience and interpretation. Have a look at https://www.w3.org/TR/webauthn-2/#client-side-discoverable-credential which talks about keys that are stored *in* the hardware, vs stored *in* the client-id on the server (key-wrapped key). To determine if this was indeed done, you need to check some extensions to guarantee it (normally it's a hint that you prefer this; to make it enforced, you have to check the extensions in the registrations).

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1449#issuecomment-863637830 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 18 June 2021 00:09:01 UTC
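The request-then-verify pattern described in the comment, as an added example that is not part of the original message or of any project's code. It assumes the extension meant is the WebAuthn Level 2 `credProps` client extension (the comment does not name one); `buildCreationOptions` and `checkDiscoverable` are hypothetical helper names and the sample results are constructed.

```javascript
// Relying-party helpers: ask for a discoverable credential at creation,
// then enforce the policy from the registration's client extension results.

// Merge the discoverable-credential request into PublicKeyCredentialCreationOptions.
function buildCreationOptions(base, requireDiscoverable) {
  return {
    ...base,
    authenticatorSelection: {
      ...(base.authenticatorSelection || {}),
      // "preferred" is only a hint; "required" makes creation fail otherwise.
      residentKey: requireDiscoverable ? "required" : "preferred",
      // Level 1 clients only understand this boolean.
      requireResidentKey: requireDiscoverable,
    },
    // Ask the client to report the properties of the created credential.
    extensions: { ...(base.extensions || {}), credProps: true },
  };
}

// `results` is what credential.getClientExtensionResults() returned in the
// browser and was sent to the server with the registration.
// Caveat: credProps is a client extension output. It is reported by the
// client and is not covered by the authenticator's signature.
function checkDiscoverable(results, requireDiscoverable) {
  const credProps = results && results.credProps;
  const known = credProps && typeof credProps.rk === "boolean";
  if (known && credProps.rk) return { accept: true, discoverable: "yes" };
  // rk === false: the client states the credential is server-side.
  if (known) return { accept: !requireDiscoverable, discoverable: "no" };
  // Extension missing or rk omitted: the property is unknown, so a policy
  // that requires a discoverable credential must reject.
  return { accept: !requireDiscoverable, discoverable: "unknown" };
}

// Constructed sample registration results, not captured from a real client.
const samples = [
  { credProps: { rk: true } },
  { credProps: { rk: false } },
  { credProps: {} },
  {},
];
for (const s of samples) {
  console.log(JSON.stringify(s), checkDiscoverable(s, true));
}
```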