-
# Help needed
- **Maintainers desperately needed, particularly:**
- Security researchers
- People with experience writing devise gems
- Documentation for [warden-webauthn](https://github.com/rub…
-
The following are specified in the same place:
https://w3c.github.io/webauthn/#dictdef-authenticatorselectioncriteria
```
dictionary AuthenticatorSelectionCriteria {
DOMString …
-
Hello, @emlun !
I have a question. I saw several variants of cross-domain rp-ids, like example: ```my-site.my-domain.com``` and ```my-site-2.my-domain.com```. We could make rp-id like ```my-domain.co…
-
2fa can be disabled for staff + superusers that don't have a TOTP device set up, but as as soon as you enable 2fa, you're stuck with it for that user (in the sense that it cannot be disabled programma…
-
Specifically, it is handling 'preferred' as 'required'.
By my reading of the Webauthn spec, the handling of 'preferred' depends of the definition of ['Protected by some form of User Verification'](…
-
From the TAG security and privacy questionnaire: what behavior do we want if the API is invoked from a disconnected document (like a same-origin iframe)? Probably just immediately fail, right?
But …
-
Authentication using a device such as a yubikey is unsupported. Could this potentially be a limitation of WebkitGtk?
-
Some questions to answer:
* What is/is not a passkey?
* How do you implement passkeys for various authentication frameworks (including legacy/roll your own)
* What do you do if your stakeholders/cu…
-
there is a "new" version of JOSE called COSE which is based on CBOR instead of JSON https://tools.ietf.org/html/rfc8152
it is used; for example, in the new https://www.w3.org/TR/webauthn/ browser A…
-
**Is your suggestion related to a missing or misleading document? Please describe.**
Below improvements should be done for FIDO related documentations.
- Improve docs with WSO2 FIDO flow probably wi…