- From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Dec 2023 14:06:15 +0000
- To: public-webauthn@w3.org
As some pointed out, it is neither possible nor desirable for an RP to remotely delete stale credentials:

- the security key may not be attached,
- probably some privacy/DoS issues?

I think the only way to delete stale credentials is a _user side garbage collection_ - the client could list all the credentials/RP and use a well-known endpoint to check if the credential still exists or can be deleted.

-- 
GitHub Notification of comment by serianox
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1967#issuecomment-1842957295 using your GitHub account

-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 6 December 2023 14:06:17 UTC