Re: [webauthn] Why not email/username as user.id / user handle? (#1763) from Emil Lundberg via GitHub on 2022-07-06 (public-webauthn@w3.org from July 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Jul 2022 17:15:40 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1176480523-1657127738-sysbot+gh@w3.org>

Yes, but platform authenticators are presumably protected by the local login on the device. For external security keys the opposite is true: they may reveal user handles without authentication but not `name`s and `displayName`s.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1763#issuecomment-1176480523 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 6 July 2022 17:15:42 UTC