Tim Cappalli
Tim Cappalli
> I'd be happy to take this on. I propose that > > * For (1) we simply remove the "non-normative" claim and keep the normative SHOULDs in the list....
Since the flags are for UX optimizations and business logic, there will naturally be variations in how they're used (or even if they're used at all by some RPs). The...
This can be addressed as part of https://github.com/w3c/webauthn/issues/1720
> DPK also isn't about creating a "per device key", it's still a key that is shared between multiple devices, but it allows the attestation to "follow" This is not...
> Erroring "after" registration and trying to communicate why that error occurred is a terrible process. While I generally agree that this results in a poor user experience, this is...
We should avoid using the term "sync" in the WebAuthn spec. Sync is one specific mechanism of moving/copying/migrating credentials. Other terms include: - "copy" - "move" - "backup" - "export"...
I'm fine with that in the terminology section: "... also known as a single-device passkey"
> Will these use cases also discuss when RP's want to *exclude* multi-device credentials? Proposed text and/or PRs are welcome!
This may be of interest: https://github.com/WICG/proposals/issues/42
If an RP does not wish to leverage platform passkeys, they can request a hardware-bound device public key using the extension.