Re: [webauthn] Discussing mechanisms for enterprise RP's to enforce bound properties of credentials (#1739)

> As an enterprise RP, I would like a way to signal to the browser during a registration ceremony, that a device-bound key is required. 

Perhaps refine this to "hint to the client to guide UX during the registration ceremony, that non-device-bound keys would ultimately be rejected by the relying party"?

We could potentially define a registry of hints here, with the idea as well that not all clients will understand all hints at the time of registration (e.g. some browsers understand how to check an authenticator for a minimum certification level by a third party vendor).

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1739#issuecomment-1152598080 using your GitHub account


Received on Friday, 10 June 2022 17:48:42 UTC