Emil Lundberg

I missed the last meeting, but judging by the [meeting minutes](https://www.w3.org/2022/08/10-webauthn-minutes.html) it seems @agl approves of merging this. I think that makes enough approvals, so I intend to go ahead...

See also: #1688

> * RP declares the security/usability/scenarios supported for WebAuthn credentials _at their origin_ > > * May be RP has a .well-known URL/file which browser will check if accessed from...

I've discussed a bit with @ve7jtb and we have a proposal for how the "SPC bit" could be stored for external authenticators: essentially, we could "namespace" the RP ID. Specifically:...

>the primary issue I see with this particular approach is that the [RP ID is defined](https://w3c.github.io/webauthn/#rp-id) as a [valid domain string](https://url.spec.whatwg.org/#valid-domain-string), not a URL (or [serialized origin](https://html.spec.whatwg.org/multipage/origin.html#ascii-serialisation-of-an-origin)). Setting them to...

Even if Windows Hello and Safari were to change their implementations in the future, there will continue to exist roaming authenticators that will still overwrite an existing discoverable credential if...

@nickmooney explained the rationale on the call - thanks! In short, the client and authenticator will set up a cryptographically secured channel for future communications. I think where I got...

I believe this is resolved by #1755.

PR #1225 removed some unused ``s from the Authenticator Taxonomy section. We [might want to re-introduce these `dfn`s](https://github.com/w3c/webauthn/pull/1225#discussion_r291854568) at some point.

This seems like a fair idea to me. So what would we imagine the API could look like? Here's one attempt: ``` function cleanUpPublicKeyCredentials({ matching: optional PublicKeyCredentialDescriptor[], notMatching: optional PublicKeyCredentialDescriptor[],...