Re: [webauthn] Individual Certificate Authority for credential management and recovery (#1844)

> And password managers are growing to support webauthn credentials. See Dashlane for example.

Thanks, I haven't heard of it, I'll take a look.

> I'm not really sure what you are asking for here to be honest, because this is already solved in multiple ways (password managers support webauthn credentials, Apple/Google accounts with roaming authenticators, people with security keys, etc).

Specifically what I'm looking for is a discussion from people who know more than me about WebAuthN. I think it could be useful to include a chain of signatures as part of the API for registering new credentials. It's possible I'm wrong on lots of fronts. It may be bad for security. It may be contrary to stated desirable use-cases. It may be inappropriate for that part of a credential flow and that sort of information should be handled by the authenticator. It may be that there is already some field that allows for supplying arbitrary metadata about the generated keys, and one could just leverage that field to do what I'm suggesting. I don't know what I don't know. Maybe it's a great idea that could solve some problems.

> PS: It feels a lot more like you have some other motive or goal in mind for this suggestion, but I'm not sure what it is ....

My motivation for this suggestion is essentially this: I think WebAuthN is an amazing technology and could solve many, many problems for billions of people. Yet, as far as I can tell, adoption is incredibly slow. And not speeding up. I personally think that part of this is because there are no recommended solutions (that I know of) for basic usability like "how do I use multiple devices and maintain a consistent identity with a service using WebAuthN?" and "what happens when I upgrade my phone?" Certainly when I have considered WebAuthN for my own projects this has come up. I want to contribute toward solving that.

-- 
GitHub Notification of comment by EliRibble
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1844#issuecomment-1405925909 using your GitHub account



Received on Friday, 27 January 2023 02:03:30 UTC