Re: [webauthn] Should an RP be able to provide finer grained authenticator filtering in attestation options? (#1688) from Adam Langley via GitHub on 2023-05-01 (public-webauthn@w3.org from May 2023)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 May 2023 16:54:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1529945561-1682960095-sysbot+gh@w3.org>

> How could this challenge be solved? Any further Ideas?

This topic was raised at the 2023-04-21 face-to-face meeting. It was agreed that we would draft a change to add a "hints" parameter to requests, the first use-case of which would be allowing sites to express that they expect users to use a security key for a request. We recognise that we've hit the limits to trying to infer this from the current set of parameters and, while we try to cover the common cases, the case of enterprises using security keys (at least) is suffering.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1688#issuecomment-1529945561 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 1 May 2023 16:54:59 UTC