Re: [webauthn] Support Filtering by Username in Conditional UI (#1793) from Chad Killingsworth via GitHub on 2022-09-08 (public-webauthn@w3.org from September 2022)

From: Chad Killingsworth via GitHub <sysbot+gh@w3.org>
Date: Thu, 08 Sep 2022 01:59:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1240127490-1662602339-sysbot+gh@w3.org>

There is another related use case as well: for systems where the username and password fields are on separate steps, it is a bit odd for the password autofill to list all usernames. It is the same basic consideration as the step-up auth scenario, but in this case the user is not yet authenticated.

Also in the separate steps scenario, using a credential from a different username does work (at least on my systems), but it seems like something that should be addressed.

In both cases, filtering by username (or even a allowCredentials list) works. On the un-authenticated version though, the [username enumeration privacy considerations become applicable](https://www.w3.org/TR/webauthn/#sctn-username-enumeration) if allowCredentials is utilized for the filtering.

-- 
GitHub Notification of comment by ChadKillingsworth
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1793#issuecomment-1240127490 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 8 September 2022 01:59:03 UTC