- From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
- Date: Thu, 24 Mar 2022 10:27:30 +0000
- To: public-webauthn@w3.org
> I have previously asked about a way to specify per-credential selection criteria which was denied by this WG, because an authentication challenge is considered to be targetting a single credential with a narrow credential class, rather than about selecting between criteria for a diverse range of possible authenticators. > > As a result it's up to the RP to pre-select in a work flow for the user what credential they want to potentially use, including the distinction between rk and not. This has to do with the capabilities to step-up from credentials to discoverable credentials in the registration/login flow - authenticators may return a discoverable credential even if not requested by the RP - RP can use a discoverable credential in the default authentication scheme, i.e. passing the discoverable credential ID in the allow list to explicitly select it It's not non-discoverable vs. discoverable, it's discoverable being an additional property of a credential. A RP can provide a registration flow with `options.authenticatorSelection.residentKey = "preferred"`, and then provide an authentication flow with 2FA/passwordless passing all the registered credentials including the discoverable ones, or usernameless waiting for a discoverable credential to be used. -- GitHub Notification of comment by serianox Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1565#issuecomment-1077472324 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 24 March 2022 10:27:31 UTC