- From: Angelo Liao via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Nov 2016 20:30:32 +0000
- To: public-webauthn@w3.org
AngeloKai has just created a new issue for https://github.com/w3c/webauthn: == remove id requirement in ScopedCredentialDescriptor == Although our current spec only has one credential type: “ScopedCred”, we may add more types to the spec in the future. In case more types were added in the future and developer hasn’t done works to adopt their server to accept newer types, they would want to only accept credentials of a certain type. However, our current design doesn’t provide a way for them to just search by type. Developer has to provide both credential type and credential id in allowList and excludeList to specify what credentials they find acceptable. To provide more flexibility to the developer to search, I propose we remove the “required” keyword from the id parameter in ScopedCredentialDescriptor and revise the language in the spec about allowList and excludeList being lists of acceptable credentials. Instead, let’s change the language to a “list of search criteria to find credentials acceptable to the callers.” Please view or discuss this issue at https://github.com/w3c/webauthn/issues/245 using your GitHub account
Received on Wednesday, 2 November 2016 20:30:38 UTC