Re: [webauthn] Adding some sentences to describe credential sharing between multiple users (#1921) from Ki-Eun Shin via GitHub on 2023-08-17 (public-webauthn@w3.org from August 2023)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Aug 2023 00:47:07 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1681445690-1692233225-sysbot+gh@w3.org>

> There is no case where an existing device-bound passkey can become shared with another user's authenticator.

I'm asking about the security and related policy around credential sharing of passkeys. If the credential could be sent (copied) to other users, then it is no longer bound to the user device and user account of the passkey providers.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1921#issuecomment-1681445690 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 17 August 2023 00:47:09 UTC