by la6472 1506 days ago
Why do we need another AuthN protocol? We should extend OIDC as needed instead of again trying to reinvent the wheel.
2 comments

In WebAuthn you're actually in possession of your own identity (or, to be more precise, your identity is established between you and the website).

In OpenID, OAuth and OpenID Connect the paradigm is completely different, where your identity is provided by someone else.

Yes, I get that, but I think OIDC could be extended to cover that too, whereas the Authenticator or IdP is the local face scanner or other biometric, and then the rest, i.e. exchange of token etc., stays the same. That way there won’t be two completely separate paths and that will defeat the purpose of SSO. And it looks like there are already some implementations of this: https://www.bioid.com/facial-recognition-app/

Because the interaction with the hardware authenticator is local.

OIDC and WebAuthn can work together.