- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Nov 2023 08:13:22 +0000
- To: public-webauthn@w3.org
But the user field *is* required if the credential is discoverable, and that's why there is an id and a client-side displayname so the user knows what credential they are about to interact with and use. Also you have made a fundamental mistake there, since there is thene no way for for a user to distinguish credentials. Imagine a pop up list where it says ``` Which Credential do you want to use? Site Name Site Name Site Name ``` Does really help the user does it? Which is exactly why name and displayname are *client side* and stored in the authenticator, because then the user can put in anything *they* want to make their own associations without the RP ever seeing it. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1942#issuecomment-1825291097 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 24 November 2023 08:13:24 UTC