- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Mon, 14 Aug 2023 00:31:08 +0000
- To: public-webauthn@w3.org
Is there really any need to have specific call outs to multiple users here? I could share my yubikey pin to my partner and that would be "shared". There is no need for the spec to be aware of the credential being accessed by multiple people, since multiple users can be hidden behind a single user/login (eg sharing a netflix account). And that's exactly how it will work with say apples passkey sharing, where the RP will not know the difference between the credential being on my phone, or my partners. I think we just leave everything as "a user" and what that user decides to do with their credentials is up to them and their own risk/threat analysis. We don't really need to call out anything specific for this IMO. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1921#issuecomment-1676513082 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 14 August 2023 00:31:10 UTC