[webauthn] Add (#1789) from bobknowscode via GitHub on 2022-08-26 (public-webauthn@w3.org from August 2022)

From: bobknowscode via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 Aug 2022 19:38:13 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1352662277-1661542691-sysbot+gh@w3.org>

bobknowscode has just created a new issue for https://github.com/w3c/webauthn:

== Add  ==
I have found it difficult to understand what  Discoverable credentials really means and how credentials could be discovered from just a RP ID.  I read the https://www.w3.org/TR/webauthn-3/ specification and reviewed the 
"Client-side discoverable Public Key Credential Source" section.

The issues are :
What entity are responsible for finding the credential ID?  
What happens if the user has a TPM, and 2 USB FIDO Authenticators attached to a local PC. 
What entity searches these for credentials?
What if the user has 2 or more registrations with a relying party.  

## Proposed Change
Add to the  standard a bounce diagram of non discoverable and discoverable cases?  
Add to the standard what entities are responsible for finding credential IDs based on Relying Party ID.
Add some discussion about multiple authenticators and 2 or more registrations with a relying party.

Thank you.


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1789 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 26 August 2022 19:38:14 UTC