Re: [webauthn] Add ability to query for feasibility of registering a credential that is backup eligible (#1788) from Shane Weeden via GitHub on 2022-09-12 (public-webauthn@w3.org from September 2022)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Sep 2022 21:32:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1244515832-1663018344-sysbot+gh@w3.org>

Following TPAC discussion we are going to close this issue. RPs cannot expect an API for detection of BE=1 capable browsers, because with cable/hybrid that would be possible without the browser knowing at the time the API is called (so a browser would always just return "yes, this is possible").

For the alternative case, where an RP wants to request a device-bound credential, the thinking is that this is suggested by the RP by requesting attestation, and the DPK extension. Whether or not platform authenticators actually implement DPK with attestation remains to be seen, but that is the way in which an RP would indicate their desire for an attested device-bound capability.

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1788#issuecomment-1244515832 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 12 September 2022 21:32:28 UTC