Re: [webauthn] devicePubKey extension MUST be supported if multi-device WebAuthn credentials are used (#1691)

Hi @emlun 
> @cyberphone Please stay on the issue topic, web payments are unrelated to this.

They are related because Web payment systems that do not intrinsically host required meta data, usually depend on cookies to achieve a more reasonable UX (like remembering last used card number).   Payment systems relying on WebAuthn belong to this category.

That is, synced keys may also need synced cookies.  SPC raises the bar further by adding dependencies on synced payment handler code.  Hopefully all of this is taking place at the platform level, otherwise you are stuck with the default browser which yet another thorny issue.  For Apple who only supports a single "engine" this is a no-issue, for the rest of the world, it is not.

IMO, this is way over the top, particularly with respect to payments.  For user authentication, discoverable authenticators are probably sufficient to relieve us from the current "cookie hell".

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1021984339 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 26 January 2022 08:46:10 UTC