Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942) from Mitar via GitHub on 2023-11-24 (public-webauthn@w3.org from November 2023)

From: Mitar via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Nov 2023 08:16:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1825294428-1700813800-sysbot+gh@w3.org>

> Also you have made a fundamental mistake there, since there is thene no way for for a user to distinguish credentials. 

In my approach, there would always be just one credential per site. So nothing to choose from.

If user modifies data in authenticator to have multiple credentials per site (which I think browsers should help them) then they can put something meaningful in there. But from the point of the site I do not care if user has one or multiple accounts. I just want to be given a credential. And if user is creating the credential through the site, the site propose a very simple and clear name for that one credential.

-- 
GitHub Notification of comment by mitar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1942#issuecomment-1825294428 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 24 November 2023 08:16:44 UTC