- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Thu, 18 Apr 2024 22:09:18 +0000
- To: public-webauthn@w3.org
Perhaps it was an oversight, but [`PublicKeyCredential`](https://www.w3.org/TR/webauthn-3/#publickeycredential) only has a field for `authenticatorAttachment`. If `PublicKeyCredentialHints` is designed to be a replacement, then ideally it would be updated to contain a field of that type. As it stands now, a client can only inform what kind of credential was created via `AuthenticatorAttachment` which then has to somehow be mapped to a `PublicKeyCredentialHints` during the authentication ceremony. Unfortunately the [spec defines a non-invertible function](https://www.w3.org/TR/webauthn-3/#enum-hints) mapping `PublicKeyCredentialHints` to `AuthenticatorAttachment` forcing RPs to either play it safe and _only_ use the `AuthenticatorAttachment` that was sent during registration or "guess" what `PublicKeyCredentialHints` to use instead. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2053#issuecomment-2065411691 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 18 April 2024 22:09:19 UTC