W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Mon, 10 Jan 2022 15:51:40 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1009015625-1641829899-sysbot+gh@w3.org>
> Also it seems like I'm a bit out of the loop, what does "passkey" mean in this context?

Someone correct me if they are using the term differently, but I expect a combination of:

1. Conditional UI through mediation, possibly used to make the UX appear closer to the "password manager form fill" experience
2. An authenticator which has credentials exported from the device to provide account-held credentials rather than device-held credentials. So far this appears to be more of a platform-proprietary synchronization feature than a general-purpose credential export.
3. Device-bound keys available an extension as more of a risk-system trigger - this is also being added as an alternative to behavioral selection for higher-assurance use cases (including the potential of those organizations rejecting some platform-issued credentials)

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1009015625 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 10 January 2022 15:51:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC