[webauthn] Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (#1743) from Matthew Miller via GitHub on 2022-06-09 (public-webauthn@w3.org from June 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Jun 2022 21:08:44 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1266661153-1654808920-sysbot+gh@w3.org>

MasterKale has just created a new issue for https://github.com/w3c/webauthn:

== Spec abstract is out of date on the eve of multi-device credentials and cross-device auth ==
This sentence in the spec's abstract is now out of date with the upcoming launch of multi-device credentials across all three major platform vendors:

> Conceptually, one or more [public key credentials](https://www.w3.org/TR/webauthn-2/#public-key-credential), each [scoped](https://www.w3.org/TR/webauthn-2/#scope) to a given [WebAuthn Relying Party](https://www.w3.org/TR/webauthn-2/#webauthn-relying-party), are created by and [bound](https://www.w3.org/TR/webauthn-2/#bound-credential) to [authenticators](https://www.w3.org/TR/webauthn-2/#authenticator) as requested by the web application.

This needs to be updated to reflect the reality that A) backup of credentials mean credentials are no longer device-bound, and B) capabilities like Apple's shareable multi-device credentials means credentials are potentially no longer user-bound either.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1743 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 9 June 2022 21:08:45 UTC