- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 08 Mar 2023 18:08:28 +0000
- To: public-webauthn@w3.org
Reviewing this issue, I suspect the Abstract has been fine all along. The word "authenticators" links to here... https://www.w3.org/TR/webauthn-2/#authenticator Which states the following (emphasis mine): > A cryptographic entity, existing in hardware or **software**, that can register a user with a given Relying Party and later assert possession of the registered public key credential, and optionally verify the user, when requested by the Relying Party. Authenticators can report information regarding their type and security characteristics via attestation during registration. > > A WebAuthn Authenticator could be a roaming authenticator, a dedicated hardware subsystem integrated into the client device, or **a software component of the client or client device**. Re-reading this issue with the benefit of time, I'm understanding that the abstract, multi-device "authenticators" created by way of passkeys synchronization still fits this definition of "authenticator". And in fact this definition hasn't changed at all in the last four years so it's probably been fine all along. I'm going to close this out for now. We can re-open if others believe the abstract still needs to be updated. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1743#issuecomment-1460620296 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 8 March 2023 18:08:30 UTC