Re: [webauthn] Add a method to get all the credentials for a rely party on the client device to support the rely party (website) to limit the number of accounts a user can register (#2222)

Hi Shane,

I think we should not emphasize user privacy too much. Providing more info to the RP properly may make WebAuthn more widely used.
Thank you very much anyway. :)

________________________________
From: Shane Weeden ***@***.***>
Sent: December 27, 2024 11:33
To: w3c/webauthn ***@***.***>
Cc: bigradish ***@***.***>; Author ***@***.***>
Subject: Re: [w3c/webauthn] Add a method to get all the credentials for a rely party on the client device to support the rely party (website) to limit the number of accounts a user can register (Issue #2222)


I'm sure it will come up as a topic at the next WG call, and will let that process take its course, but I'm almost certain the answer will be against. There isn't even a discovery API to figure out if any credential exists at all, let alone provide a number. This is why the "autofill UI" (also known as conditional mediation) version of WebAuthn behaves the way it does. The notion of whether or not a credential exists on the client device and is shown in the autofill dropdown to the user is not discoverable to the RP until the user decides to use it. The RP is not entitled to know this - again for privacy reasons.



-- 
GitHub Notification of comment by bigradish
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2222#issuecomment-2563299243 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 27 December 2024 04:22:30 UTC