- From: Paul Wise via GitHub <sysbot+gh@w3.org>
- Date: Thu, 29 Sep 2022 04:21:00 +0000
- To: public-webauthn@w3.org
I would like to see a TLS and or HTTP layer protocol for Webauthn, so that the browser provides all of the UI and the website provides none, similar to TLS client certs or HTTP basic auth. When the user requests a page that requires (or is enhanced by) login, the website responds saying authorization required (or suggested), then the browser pops up a "Login to this site?" similar to webcam/etc prompts, then the user clicks login, then the browser sends the credentials and the website responds with success/failure. For future requests, the browser sends credentials again, until the user clicks the logout UI. Perhaps there should also be similar mechanisms for adding new keys and removing old ones, for both user initiated replacement and browser or website initiated replacement. Registering/removing accounts might also be nice to have too. -- GitHub Notification of comment by pabs3 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-1261735195 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 29 September 2022 04:21:07 UTC