Re: [webauthn] Add a method to get all the credentials for a rely party on the client device to support the rely party (website) to limit the number of accounts a user can register (#2222) from Adam Langley via GitHub on 2025-01-08 (public-webauthn@w3.org from January 2025)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Jan 2025 20:26:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2578591881-1736367990-sysbot+gh@w3.org>

The WG has pondered this several times and remains of the opinion that browsers should not silently release credential metadata for privacy reasons. There is a possibility that an API similar to one that exists on several mobile platforms could be provided on the web, where a UI appears if (and only if) credentials exist. But this also effectively discloses whether _some_ credential exists, and thus is not trivial.

But, _if_ such a thing happened, we would track any such proposal in a more specific issue/PR. So we'll close this one since we don't think that the suggestion in the title is suitable.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2222#issuecomment-2578591881 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 8 January 2025 20:26:34 UTC