Re: [webauthn] Refine JSON serialization to use UTF-8 encoding for `user.id` and `userHandle` (#2013) from Matthew Miller via GitHub on 2024-01-10 (public-webauthn@w3.org from January 2024)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Jan 2024 06:00:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1884240775-1704866428-sysbot+gh@w3.org>

A side effect of this change might be that RP's feel empowered to use PII-containing identifiers here since they're already strings. However I think we could easily enough suggest base64url-encoding 64 random bytes and then using that string as `user.id` when calling `parseCreationOptionsFromJSON()` and the user privacy considerations in https://w3c.github.io/webauthn/#sctn-user-handle-privacy are maintained.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2013#issuecomment-1884240775 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 10 January 2024 06:00:33 UTC