- From: Shane Weeden via GitHub <sysbot+gh@w3.org>
- Date: Fri, 18 Jun 2021 00:19:59 +0000
- To: public-webauthn@w3.org
Actually I think there is room for expansion of the [AuthenticatorSelectionCriteria](https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria) to be more explicit as to what the RP wants or requires. For example, you could imagine additional criteria to indicate if there is a requirement for a device-bound credential vs accepting a cloud-account-backed credential. Per recent discussion on the WebAuthn WG call I believe there is a PR coming related to an extension for supporting device-bound credentials associated with a cloud-account-backed credential. I think this issue can be revisited in the context of that PR, however it may well be the right time to look at new or modified [AuthenticatorSelectionCriteria](https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria) properties that permit an RP to be more selective. -- GitHub Notification of comment by sbweeden Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1449#issuecomment-863641919 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 18 June 2021 00:20:49 UTC