Re: [webauthn] Facility for an RP to indicate a change of displayName to a discoverable credential (#1779) from Nina Satragno via GitHub on 2022-09-12 (public-webauthn@w3.org from September 2022)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Sep 2022 21:47:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1244541632-1663019233-sysbot+gh@w3.org>

From TPAC: a possible, privacy-friendly design for this update would be to leverage a Reporting API (see [relevant previous issue](https://github.com/w3c/webauthn/issues/1637#:~:text=Report%20signaling,this%20at%20all.)). After a successful sign-in, the RP can call an API that tells the user agent some state about the passkey:
* Whether the passkey was accepted or rejected
* The current `displayName` and `name` for the user.
The user agent can then decide to prompt the user to update the `displayName` and `name` on the credential.

This "reporting api" may need some updates on ctap 2.2 if we don't want to have the user tap their authenticator again to make this change, but since there's going to be a prompt anyway, perhaps we are okay with it.

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1779#issuecomment-1244541632 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 12 September 2022 21:47:17 UTC