W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

[webauthn] Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (#1743)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Jun 2022 21:08:44 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1266661153-1654808920-sysbot+gh@w3.org>
MasterKale has just created a new issue for https://github.com/w3c/webauthn:

== Spec abstract is out of date on the eve of multi-device credentials and cross-device auth ==
This sentence in the spec's abstract is now out of date with the upcoming launch of multi-device credentials across all three major platform vendors:

> Conceptually, one or more [public key credentials](https://www.w3.org/TR/webauthn-2/#public-key-credential), each [scoped](https://www.w3.org/TR/webauthn-2/#scope) to a given [WebAuthn Relying Party](https://www.w3.org/TR/webauthn-2/#webauthn-relying-party), are created by and [bound](https://www.w3.org/TR/webauthn-2/#bound-credential) to [authenticators](https://www.w3.org/TR/webauthn-2/#authenticator) as requested by the web application.

This needs to be updated to reflect the reality that A) backup of credentials mean credentials are no longer device-bound, and B) capabilities like Apple's shareable multi-device credentials means credentials are potentially no longer user-bound either.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1743 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 9 June 2022 21:08:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC