- From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Jul 2022 07:39:29 +0000
- To: public-webauthn@w3.org

It was probably poorly phrased by me. Indeed the user id is transmitted into the authentication payload. What I meant is that it is of no practical use. What you store in your database as an RP is typically "username/email -> list of public key credentials". So basically, you have to either transmit the "username/email" directly or map the user id to username/email on the server side.

Regarding the user "name", from the specs:

> it is a [human-palatable](https://w3c.github.io/webauthn/#human-palatability) identifier for a [user account](https://w3c.github.io/webauthn/#user-account). It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar [displayName](https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname)s. For example, "alexm", "alex.mueller@example.com" or "+14255551234".

So basically, it is just an identifier. I don't really see the problem with things like "divorce, leaving domestic violence, ...". More like when changing one's username/email/phone. But in that case, the solution looks simple to me: create new credentials. Done.

--
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1763#issuecomment-1175888711 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 6 July 2022 07:39:32 UTC