- From: Shane Weeden via GitHub <sysbot+gh@w3.org>
- Date: Thu, 12 May 2022 01:22:28 +0000
- To: public-webauthn@w3.org
> crepProps (which is a joke anyway since it's not signed and is open to manipulation). FWIW [credProps](https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension) is a client registration extension, generated by the client *after* the ceremony with the authenticator, and therefore cannot be signed. It is not meant to be proof of anything. It is designed to be a signal to RPs of what the client actually ended up using in its registration ceremony with the authenticator and is specifically designed to help in cases when [residentKey](https://www.w3.org/TR/webauthn-3/#dom-authenticatorselectioncriteria-residentkey) is set to preferred. It was envisioned this would help the RP decide what use cases the credential might be used for in future (username-less flow or 2FA only) and allow the RP to offer guidance to the user on same. -- GitHub Notification of comment by sbweeden Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1730#issuecomment-1124436590 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 12 May 2022 01:22:29 UTC