- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Fri, 05 May 2023 07:14:58 +0000
- To: public-webauthn@w3.org
> People took "cross-platform" to mean "security key", but now it means phones too and doesn't even mean "not platform" any more: if the platform authenticator is syncing to a phone then it's a candidate for attachment=cross-platform. Likewise, attachment=platform can get you a credential that you can use on another machine (e.g. making a credential on a hybrid-capable phone). Yeah, I'd certainly agree here - as an enterprise it's currently impossible to really filter authenticators ahead of time with registration with the current fields. And as you correctly note, the lines are certainly becoming blurred with cable and phones as platform authenticators, that also can be cross platform. If we are proceeding in this way, would it also be worth future consideration to deprecate the "transports/attachment" parameters or to add elements in the spec since they are quite confusing and often not always correct? -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1884#issuecomment-1535826737 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 5 May 2023 07:15:00 UTC