You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are working on adding the notion of "public key credential source backup" to the WebAuthn spec in PR w3c/webauthn#1695.
The Credman spec's concepts of credential source and credential store ought to be updated to provide general foundational concepts for "[credential [source|store] ] backup/sync" that dependent specs such as WebAuthn can then build upon. Note that user agents are presently syncing / backing up password credential sources (or their entire credential stores, depending on how one looks at it (and depending upon the implementation)).
Note that at this time the proposed terminology is in this vein:
credential sources are "backed up" or "not backed up"
The mechanisms for "backing up" credential sources may include "syncing" of some form, or "manual import/export" (i.e., copying) of some form. E.g.:
Backup can occur via mechanisms including but not limited to peer-to-peer sync, cloud sync, local network sync, and manual import/export.
[ additional various terms to help in finding this issue in the future (this is not advocating for the use of any particular ones of these terms):
back up
backed up
credential backup
credential sync
credential source sync
]
The text was updated successfully, but these errors were encountered:
We are working on adding the notion of "public key credential source backup" to the WebAuthn spec in PR w3c/webauthn#1695.
The Credman spec's concepts of credential source and credential store ought to be updated to provide general foundational concepts for "[credential [source|store] ] backup/sync" that dependent specs such as WebAuthn can then build upon. Note that user agents are presently syncing / backing up password credential sources (or their entire credential stores, depending on how one looks at it (and depending upon the implementation)).
Credman presently hints at syncing of credential sources in the Requiring User Mediation section where it states "consider a user agent which syncs this flag’s state across devices", the "flag" being the "prevent silent access flag" which is maintained in the credential store. This ought to be tied into a more formalized notion of credential source backup (sync).
Note that at this time the proposed terminology is in this vein:
[ additional various terms to help in finding this issue in the future (this is not advocating for the use of any particular ones of these terms):
back up
backed up
credential backup
credential sync
credential source sync
]
The text was updated successfully, but these errors were encountered: