Re: [webauthn] make username fields optional (do not delete them, but do not force their usage, either, which is hostile against usernameless services) (#1942) from Tim Cappalli via GitHub on 2024-01-03 (public-webauthn@w3.org from January 2024)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Jan 2024 18:25:14 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1875786933-1704306311-sysbot+gh@w3.org>

This has been discussed in a few working group calls and the consensus was that this change is not feasible for the ecosystem.

RPs who choose not to use a user-centric account identifier can put any value they wish in `user.name`, including just the site name or something like "my account" (but ideally a value that will help them understand the context of the credential). Making `user.name` optional will cause fragmentation of user experiences across passkey providers and clients.

Closing issue.

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1942#issuecomment-1875786933 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 3 January 2024 18:25:16 UTC