- From: Stephen McGruer via GitHub <sysbot+gh@w3.org>
- Date: Fri, 03 Sep 2021 21:41:42 +0000
- To: public-webauthn@w3.org
> I don't quite get why the requirement for discoverable credentials. While this should work for discoverable credentials when an allow list is provided, I don't see any reason that a discoverable credential is required. The reason I've pushed for Discoverable Credentials isn't related to the third-party initiated authentication ceremony. It is related to SPC's ability to only show the browser transaction UX if the credentials match this device (i.e. if there's a chance the user **could** succeed, assuming they wish to and that they can pass the WebAuthn ceremony). This seems very close to Conditional UI (which is in some ways solving the same question... roughly), and Conditional UI requires Discoverable Credentials. If we can find a way of doing that without requiring Discoverable Credentials, SGTM! -- GitHub Notification of comment by stephenmcgruer Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-912825771 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 3 September 2021 21:41:44 UTC