[webauthn] Add a new "note" to registration options for RP's to help users distinguish credentials (#1852) from Matthew Miller via GitHub on 2023-02-14 (public-webauthn@w3.org from February 2023)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Tue, 14 Feb 2023 02:34:41 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1583387202-1676342080-sysbot+gh@w3.org>

MasterKale has just created a new issue for https://github.com/w3c/webauthn:

== Add a new "note" to registration options for RP's to help users distinguish credentials ==
## Context

RP's, like us at Cisco, use WebAuthn with a broad RP ID scoped in a way to allow for credential reuse across multiple "applications" on unique subdomains. Unfortunately, we've discovered that current, nascent passkeys management UIs emphasize displaying a credential's RP ID and username, which are often 

**Chrome:**
![Screenshot 2023-02-13 at 6 14 57 PM](https://user-images.githubusercontent.com/5166470/218621848-26d77b83-3737-4130-8361-39affbb70a04.png)

**1Password:**
![Screenshot 2023-02-13 at 6 23 15 PM](https://user-images.githubusercontent.com/5166470/218622594-f03118b1-3e40-4816-aebb-b015e5e85ec6.png)

**Safari (macOS):**
![Screenshot 2023-02-13 at 6 16 38 PM](https://user-images.githubusercontent.com/5166470/218621842-16eee8a2-a1c0-4d35-aa5c-c122dd9ae904.png)

## Proposed Change

What if we added a "`note`" property somewhere in [PublicKeyCredentialCreationOptions](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialcreationoptions) to allow RP's to annotate a credential for the management interfaces to then expose to users for the user's ease of management?

Here are examples of places that "`note`" could go:

**1Password ("notes"):**
![Screenshot 2023-02-13 at 6 15 44 PM](https://user-images.githubusercontent.com/5166470/218623136-c25e018c-6662-4d88-b90d-6fd66d42cfad.png)

**Safari ("Notes"):**
![Screenshot 2023-02-13 at 6 29 01 PM](https://user-images.githubusercontent.com/5166470/218623469-e9fc11e3-ea68-43d4-b190-c9f9e14570e4.png)

![Screenshot 2023-02-13 at 6 29 22 PM](https://user-images.githubusercontent.com/5166470/218623480-1290fdf3-1026-41a0-86c5-b97f286bad52.png)

This feels beneficial to both RP's and end users.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1852 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 14 February 2023 02:34:43 UTC