W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

Re: [webauthn] Inconsistent RP directions for handling credential transports (#1587)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Tue, 23 Mar 2021 08:48:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-804726906-1616489334-sysbot+gh@w3.org>
I suspect we should tighten up language by speaking instead terms of credential descriptors, which contain a credential ID  (which is authoritative from the authenticator as part of the attested data on create) and transports (which is advisory and shared unprotected from the client). 

A client SHOULD persist a credential descriptor, with both id and transports, to provide hints to the client for authenticator management and for any future authentication attempts of non-discoverable credentials. Changing or removing values from the transports may impact user experience or even prevent use of the credential.

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1587#issuecomment-804726906 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 23 March 2021 08:48:56 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC