Re: [webauthn] How to know if a user has already registered a device? (#1749) from Arnaud Dagnelies via GitHub on 2023-11-26 (public-webauthn@w3.org from November 2023)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Sun, 26 Nov 2023 10:53:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1826750578-1700995986-sysbot+gh@w3.org>

Well, even an `exists()` checking existence of a public key credential:

- locally (on the platform)
- for the current origin
- blocked in iframes
 
would be really simple, without tracking info, and be helpful in 90% of the use cases to guide users.

I'm also surprised webauthn is supposed to work in iframes. IFrames are notoriously "unsafe by default" since you can eavesdrop and even manipulate anything that happens within. But that's another topic.

-- 
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1826750578 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 26 November 2023 10:53:10 UTC