Re: [webauthn] Discussing mechanisms for enterprise RP's to enforce bound properties of credentials (#1739)

> As an enterprise RP, I would like a way to signal to the browser during a registration ceremony, that a device-bound key is required. 

Perhaps refine this to "hint to the client to guide UX during the registration ceremony, that non-device-bound keys would ultimately be rejected by the relying party"?

We could potentially define a registry of hints here, with the idea as well that not all clients will understand all hints at the time of registration (e.g. some browsers understand how to check an authenticator for a minimum certification level by a third party vendor).

GitHub Notification of comment by dwaite
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Friday, 10 June 2022 17:48:42 UTC