[webauthn] Being able to access the same public key credentials across different domains (#1827)

enricobottazzi has just created a new issue for https://github.com/w3c/webauthn:

== Being able to access the same public key credentials across different domains ==

Hi everyone, 

the thing that fascinated me the most since I approached WebAuthn was the possibility of creating a unified login experience across the internet. The way I designed the WebAuthn experience implies the registration of a domain name together with the public key credential on a public blockchain during the registration. The user can now use the same domain name to authenticate across different websites. The signature verification will be performed against the public key associated with that domain registered on-chain.

Looking into the specs I realized that a public key credential is strictly bound to an https domain via `RP ID` and it seems that the APIs don't expose any way to remove this requirement or extend the RP IDs that can consume a unique public key credential.

Why did you set this strict requirement as part of the standard? Wouldn't the possibility of reusing the same credential across different websites significantly increase the passwordless user experience?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1827 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 21 November 2022 08:35:38 UTC
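The RP ID binding the issue asks about is enforced on two sides: the browser only lets an origin use an RP ID that equals, or is a registrable-domain suffix of, the origin's effective domain, and the relying party's verifier checks that the `rpIdHash` in `authenticatorData` is SHA-256 of the RP ID it expects. The example below is added here and is not part of the issue or of the WebAuthn specification's own code; it builds a constructed `authenticatorData` blob, parses it, and shows that an assertion produced for `example.com` fails the hash check for any other RP ID, which is why a credential cannot simply be reused across unrelated sites. The origin check is a simplified stand-in (a real implementation must consult the Public Suffix List rather than the "contains a dot" heuristic used here), and all host names are constructed sample values.

```python
import hashlib
import hmac
import struct


def rp_id_hash(rp_id: str) -> bytes:
    """SHA-256 of the RP ID; the first 32 bytes of every authenticatorData blob."""
    return hashlib.sha256(rp_id.encode("utf-8")).digest()


def build_authenticator_data(rp_id: str, flags: int = 0x05, sign_count: int = 1) -> bytes:
    """Constructed sample authenticatorData (rpIdHash || flags || signCount).

    No attested credential data or extensions are appended, so this is the
    37-byte form an assertion (navigator.credentials.get) produces.
    flags 0x05 = user present (bit 0) + user verified (bit 2).
    """
    return rp_id_hash(rp_id) + bytes([flags]) + struct.pack(">I", sign_count)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split authenticatorData into the fields a verifier must examine."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short (need at least 37 bytes)")
    flags = auth_data[32]
    return {
        "rp_id_hash": auth_data[:32],
        "flags": flags,
        "user_present": bool(flags & 0x01),
        "user_verified": bool(flags & 0x04),
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def rp_id_matches(auth_data: bytes, expected_rp_id: str) -> bool:
    """Verifier-side check: rpIdHash must equal SHA-256 of the RP ID we expect.

    A credential created for example.com carries sha256("example.com"), so a
    verifier for any other RP ID rejects the assertion here, before the
    signature is even looked at.
    """
    parsed = parse_authenticator_data(auth_data)
    return hmac.compare_digest(parsed["rp_id_hash"], rp_id_hash(expected_rp_id))


def origin_allows_rp_id(origin: str, rp_id: str) -> bool:
    """Simplified browser-side rule: RP ID must equal the origin's effective
    domain or be a registrable-domain suffix of it, and the scheme must be https.

    Assumption: the "rp_id contains a dot" test is a crude stand-in for the
    Public Suffix List lookup a real user agent performs; it only prevents
    claiming a bare TLD such as "com" as the RP ID.
    """
    scheme, sep, rest = origin.partition("://")
    if sep != "://" or scheme.lower() != "https":
        return False
    host = rest.split("/", 1)[0].split(":", 1)[0].lower()
    rp = rp_id.lower()
    if "." not in rp:
        return False
    return host == rp or host.endswith("." + rp)


if __name__ == "__main__":
    data = build_authenticator_data("example.com", sign_count=7)
    print(parse_authenticator_data(data))
    print("example.com verifier accepts:", rp_id_matches(data, "example.com"))
    print("other.example verifier accepts:", rp_id_matches(data, "other.example"))
    print("login.example.com may use RP ID example.com:",
          origin_allows_rp_id("https://login.example.com", "example.com"))
    print("evilexample.com may use RP ID example.com:",
          origin_allows_rp_id("https://evilexample.com", "example.com"))
```

The suffix rule is what gives a single organisation a shared credential across `login.example.com`, `shop.example.com` and so on; it does not extend to unrelated domains, and the `rpIdHash` comparison on the server is the check that would reject an assertion presented to the wrong relying party.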