W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] Discussing mechanisms for enterprise RP's to enforce bound properties of credentials (#1739)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Fri, 10 Jun 2022 17:48:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1152598080-1654883319-sysbot+gh@w3.org>
> As an enterprise RP, I would like a way to signal to the browser during a registration ceremony, that a device-bound key is required. 

Perhaps refine this to "hint to the client to guide UX during the registration ceremony, that non-device-bound keys would ultimately be rejected by the relying party"?

We could potentially define a registry of hints here, with the idea as well that not all clients will understand all hints at the time of registration (e.g. some browsers understand how to check an authenticator for a minimum certification level by a third party vendor).

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1739#issuecomment-1152598080 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 10 June 2022 17:48:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC