W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

Re: [webauthn] Cleanup when creating discoverable credentials with attestations (#1560)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Mar 2021 09:05:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-800083759-1615885530-sysbot+gh@w3.org>
Yes, what I was thinking was something similar to this:

1. best-effort cleanup of credentials the site does not understand
2. eliminating edge cases that create spurious credentials when possible.

A delete/cleanup hint mechanism could be added directly to CredMan, I believe the only WebAuthn specific part is that non-resident credentials will always silently ignore cleanup. But since everything is a hint and the result is silent, who knows? 😄

e.g. a slightly different color bikeshed

    type: "public-key",
    action: "retain",
    matching: [
        {id: "credhandle1"},
        {id: "credhandle2"}

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1560#issuecomment-800083759 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 16 March 2021 09:05:32 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC