W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] devciePubKey extension MUST be supported if passkey is supported (#1691)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Jan 2022 23:31:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1018949621-1642807859-sysbot+gh@w3.org>
> 1. want to be able to remove all passwords multi-device in some synced state is required, may reject single device credentials

<snip>

> 1 Single Device 0 / multi-device capable 1
> 2 Not backed up 0 / backed up 1

The use case of a less-sophisticated RP requesting authenticators which are backed up due them lacking sophisticated/cost-effective account recovery flows is interesting, as that is one where attestations and extensions adding more sophistication really wouldn't help.

I don't know if this would be more of a client request (which could be accomplished via authenticator metadata) or something where there's value in having the authenticator self-attest the current backup state of a credential.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1018949621 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 21 January 2022 23:31:02 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:44 UTC