Tim Cappalli
Tim Cappalli
I think terminology and wording is important. An RP can't disable a certain credential export behavior. They can, however, request a second device-specific, hardware bound key, if they have a...
A passkey is a durable/survivable, FIDO2 discoverable credential (disclaimer: we're still tweaking the formal/official definition). The items @dwaite listed are features to support passkeys.
I don't believe there would be any changes in WebAuthn to support this. It would be all authenticator side. passkeys are just regular old WebAuthn credentials from the perspective of...
From 2022-07-13 call: add in static links to browser issue trackers
> The new `BE` flag in L3 signals whether the credential is hardware-bound to the secure element (when combined with an appropriate attestation). I disagree with this statement. The `BE`...
@mpeng-okta In the case of having region-specific portals, would each region also have its own IdP (which would likely be the FIDO RP)?
+1 for this feature. I have AdGuard Home running on my home network, so I want AdGuard Mac to disable itself when connected to my home Wi-Fi network.
> This has now lead to Apple's iOS and macOS sending BE=true during registration, but BE=false during subsequent usage of the credential during assertion ceremonies. This is likely a bug....
Hi @keikoit, you marked this as a feature proposal, but I don't see any ask here. DPK and DPK attestation are already proposed for Level 3 (https://github.com/w3c/webauthn/issues/1658).
Hi all - there is no spec change ask here, so closing the issue. Based on previous discussions, the requirements for security sensitive services and RPs are well understood, which...