Re: [webauthn] Revisit description of userHandle (#1909)

> The more I think about it, the more I like what we already have in the L3 draft, with the possible addition of the description that the userHandle also allows the authenticator to recognize when to replace a discoverable credential during creation.

This is also mentioned in the [User Handle definition](https://w3c.github.io/webauthn/#user-handle):

>[...]
>[Authenticators](https://w3c.github.io/webauthn/#authenticator) [map](https://w3c.github.io/webauthn/#authenticator-credentials-map) pairs of [RP ID](https://w3c.github.io/webauthn/#rp-id) and [user handle](https://w3c.github.io/webauthn/#user-handle) to [public key credential sources](https://w3c.github.io/webauthn/#public-key-credential-source). As a consequence, an authenticator will store at most one [discoverable credential](https://w3c.github.io/webauthn/#discoverable-credential) per [user handle](https://w3c.github.io/webauthn/#user-handle) per [Relying Party](https://w3c.github.io/webauthn/#relying-party).
>[...]

Should we make that clearer or more prominent?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1909#issuecomment-1609241635 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 27 June 2023 10:36:29 UTC