Emil Lundberg
Emil Lundberg
> Do we also have guidance around what happens when these flags change, and what are valid transitions? IE if BE is false, and BS changes from false to true?....
I was also thinking this could perhaps be an addition to the `credProps` and/or `credProtect` extensions.
> probably could be generalized for roaming too? Roaming or not already has the [`authenticatorSelection.authenticatorAttachment` option](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorselectioncriteria-authenticatorattachment), and [`getTransports()`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorattestationresponse-gettransports) can sometimes tell what the result ended up being (`"internal"` means platform...
Sorry, I meant to submit 88be1a6dd6701059482c7bbbb1961ea08f84863d as a meta-PR but accidentally pushed it directly into the PR. Let me know if I should roll it back.
See also discussion in #1714
> Perhaps wild suggestion. If an RP requests direct attestation, why wouldn't the platforms offer a device-bound credential in this case? There's the use case where an RP wants to...
We understand that RPs want this and how it would help prevent frustrating user interactions. The debate (or at least a significant part of it) is whether this is a...
The [Credential Private Key](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-private-key) definition will probably need a tweak too: >[...] >The credential private key is bound to a particular authenticator - its managing authenticator - and is expected...
Note also that `authenticatorAttachment` is available in both the `create()` and `get()` responses.
@Querulant I don't think I quite understand what you're trying to say, but if you're having trouble with a cryptocurrency wallet or exchange I suggest you turn to the support...