You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a Passkey user, I am concerned about the potential for vendor lock-in of my credentials.
Specifically, I want to ensure that my credentials can be exported without relying on my current credential provider's willingness to permit the export at the time I want to do it. The current CXP spec appears to allow providers to block (or selectively approve) export requests.
Here's a hypothetical scenario that could unfold with the current version of the CXP protocol as I understand it:
I decide to use provider FOO as my CXP-supporting credentials provider.
FOO provides a great service and over the years, I store more and more of my credentials in it.
Somewhere down the line, FOO realizes that they can make more money by raising their prices, so they do.
People use CXP to switch to provider BAR en masse, which offers similar services at lower prices.
FOO notices this opportunity and adjusts their exporter server's logic to deny requests from BAR, or to deny export requests for users like me who they have determined to be capturable users.
I am now an unhappy user with my credentials stuck in FOO that I need to keep paying in order to not lose them.
Alternative scenarios include the cases where FOO introduces a bug in its exporter logic, or is legally compelled to block all exports by its local jurisdiction, etc. In either way, this causes innocent users' credentials to be left stranded.
This seems like a scenario that CXP should aim to prevent if Passkeys are meant to replace passwords, as passwords do prevent this scenario. I would refer to this property as being "permissionlessly exportable", i.e. it is possible for a user to export their credentials to another provider without needing to make trust assumptions on the provider where the credentials are stored.
How can this be solved? I can think of a few solutions here, but would first like to ensure that there is agreement that having permissionless exportability should be in scope for CXP. Let me know what you think.
The text was updated successfully, but these errors were encountered:
As a Passkey user, I am concerned about the potential for vendor lock-in of my credentials.
Specifically, I want to ensure that my credentials can be exported without relying on my current credential provider's willingness to permit the export at the time I want to do it. The current CXP spec appears to allow providers to block (or selectively approve) export requests.
Here's a hypothetical scenario that could unfold with the current version of the CXP protocol as I understand it:
Alternative scenarios include the cases where FOO introduces a bug in its exporter logic, or is legally compelled to block all exports by its local jurisdiction, etc. In either way, this causes innocent users' credentials to be left stranded.
This seems like a scenario that CXP should aim to prevent if Passkeys are meant to replace passwords, as passwords do prevent this scenario. I would refer to this property as being "permissionlessly exportable", i.e. it is possible for a user to export their credentials to another provider without needing to make trust assumptions on the provider where the credentials are stored.
How can this be solved? I can think of a few solutions here, but would first like to ensure that there is agreement that having permissionless exportability should be in scope for CXP. Let me know what you think.
The text was updated successfully, but these errors were encountered: