Re: [webauthn] Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (#1743)

Reviewing this issue, I suspect the Abstract has been fine all along. The word "authenticators" links to here...

Which states the following (emphasis mine):

> A cryptographic entity, existing in hardware or **software**, that can register a user with a given Relying Party and later assert possession of the registered public key credential, and optionally verify the user, when requested by the Relying Party. Authenticators can report information regarding their type and security characteristics via attestation during registration.
> A WebAuthn Authenticator could be a roaming authenticator, a dedicated hardware subsystem integrated into the client device, or **a software component of the client or client device**.

Re-reading this issue with the benefit of time, I'm understanding that the abstract, multi-device "authenticators" created by way of passkeys synchronization still fits this definition of "authenticator". And in fact this definition hasn't changed at all in the last four years so it's probably been fine all along.

I'm going to close this out for now. We can re-open if others believe the abstract still needs to be updated.

GitHub Notification of comment by MasterKale
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 8 March 2023 18:08:30 UTC