- From: Nick Steele via GitHub <sysbot+gh@w3.org>
- Date: Wed, 05 Apr 2023 19:42:20 +0000
- To: public-webauthn@w3.org
This approach remains a non-starter for the WG, the issue continues to be that while yes, you _can_ discriminate against authenticators, there shouldn't be an ability for RPs to preemptively deny a user's authenticator from creating a credential. Yes, the onus should be on the RP to dissuade the user from attempting to use a certain authenticator, I think primarily because the browser has no onus towards remediation. What would be a compelling topic is better transport and authenticator hinting, which would allow the RP to present a different UX/UI depending on the information inferred from these hints. -- GitHub Notification of comment by nicksteele Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1816#issuecomment-1498022510 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 5 April 2023 19:42:22 UTC