Re: [webauthn] residentKey: "preferred-if-unlimited"? (#1822)

As I recall, the consensus last time we discussed this on the WG call was that `residentKey: "preferred"` should continue to work as it currently does when storage capacity is not a concern, but it's reasonable to recommend client implementations to be less generous when it is - for CTAP2.0 devices in particular.

But that's also why we decided no change is needed in WebAuthn - it's specifically a CTAP2.0 concern, which is beyond the WebAuthn authenticator model and should be handled in CTAP specs/guidelines instead. As is, WebAuthn doesn't even have a concept of authenticator storage _capacity_, only a binary storage _capability_.

I'm a bit torn on whether WebAuthn _should_ have such a concept, but I'm still leaning toward calling this out of scope. These are vendor-specific implementation concerns; we shouldn't clutter WebAuthn with them.


-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1822#issuecomment-1377443100 using your GitHub account


Received on Tuesday, 10 January 2023 15:27:22 UTC