- From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
- Date: Wed, 11 Jan 2023 11:00:45 +0000
- To: public-webauthn@w3.org
> I think it would be good to agree on the fact that a passkey needs to be a discoverable credential, so `rk: required` in any situation where the credential to be created is called a passkey. Passkeys _are_ resident keys/discoverable credential. > My take on this is to not have another option, but instead encourage the browsers to inform the user and allow the user to make a choice when rk=preferred is set and the authenticator has limited storage. Mine too, and I think that's what we have currently in at least Windows. When creating a passkey on a security key, there's a prompt that informs the user that "~something will be stored on the security key". Probably the wording could be enhanced saying that a passkey will be created on the security key, and the remaining number of possible passkeys on the security key. CTAP 2.1 security keys report the number of remaining passkeys. -- GitHub Notification of comment by serianox Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1822#issuecomment-1378575681 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 11 January 2023 11:00:46 UTC