[webauthn] Consider allowing RPs to indicate that they want platform authenticators to be synced across devices from Alexei Czeskis via GitHub on 2018-06-25 (public-webauthn@w3.org from June 2018)

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 Jun 2018 17:38:21 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-335502012-1529948300-sysbot+gh@w3.org>

leshi has just created a new issue for https://github.com/w3c/webauthn:

== Consider allowing RPs to indicate that they want platform authenticators to be synced across devices ==
Some RPs may want to allow key material associated with platform authenticators to be synched across devices.

For example, this might allow a user who sign into their browser or OS to automatically have all their platform authenticators available in the new browser session.

I believe that for this to be a feature, RPs must explicitly indicate that they want this.  We should also consider adding some kind of additional platform binding such that it's clear when the user comes from a new machine (though cookies might be enough for this).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/969 using your GitHub account

Received on Monday, 25 June 2018 17:38:24 UTC