- From: James Elliott via GitHub <noreply@w3.org>
- Date: Fri, 17 Oct 2025 22:54:09 +0000
- To: public-webauthn@w3.org
I think there's potentially more merit in this specific idea than mine personally. In checking the credential does not have the BE flag that can be done after creation fairly simply, it's just not a great UX. That being said in situations where it's relevant the users are likely issued physical devices for this purpose. When it comes to ensuring it has it, there is a negative UX if we don't allow this feature, as checking _after_ creation may leave a physical authenticator with a slot taken up by a passkey that can't be used, and I don't think there is a nice way to perform cleanup for the user by the RP. -- GitHub Notification of comment by james-d-elliott Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2342#issuecomment-3417451267 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 17 October 2025 22:54:10 UTC