Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714) from Lukas Ribisch via GitHub on 2022-03-30 (public-webauthn@w3.org from March 2022)

From: Lukas Ribisch via GitHub <sysbot+gh@w3.org>
Date: Wed, 30 Mar 2022 20:30:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1083594836-1648672210-sysbot+gh@w3.org>

I understand that it might not be the intended usage, but I'm hoping to raise some awareness that it still might become a somewhat common usage pattern due to the regulatory and risk constraints outlined above.

If that assumption holds true, migrating from implicit to explicit RP behavior (where implementations would be receiving the "we will never use the synced credential" signal) might be hard or impossible.

-- 
GitHub Notification of comment by lxgr
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1714#issuecomment-1083594836 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 30 March 2022 20:30:12 UTC