Re: [webauthn] The authenticator may hide the credential even if the RP signals unknown credentials (#2192) from Ki-Eun Shin via GitHub on 2024-10-31 (public-webauthn@w3.org from October 2024)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 31 Oct 2024 02:23:25 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2448890202-1730341403-sysbot+gh@w3.org>

> I still think we should keep it as there are authenticators who have expressed interest in offering this capability.

What is the rationale? RP might accidentally call the signal APIs due to bug? 

If there is credential hidden policy for this signal APIs, RP might need similar policy on their backend side
When the user deletes a certain passkey on the passkey setting menu on the RP website,
It might be recommended to change such credential state to hidden (instead of deleting it from the database) so if the passkey is restored on the passkey provider, it would still works.
But, this would break some RP's implementation to handle this situation.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2192#issuecomment-2448890202 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 31 October 2024 02:23:27 UTC