- From: J.C. Jones <jc@mozilla.com>
- Date: Wed, 13 Jul 2016 15:07:51 -0700
- To: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <CAObDDPBbnAruaLBh8RnXnj9uCA3POPpjP+KDye8hnvaoG5zVfg@mail.gmail.com>
All,

In PR #142 I had proposed to remove the ScopedCredentialParameters tuple used in the makeCredential() call, replacing it instead with lists of supported credential types and algorithms. That proposed change is now in PR #143: https://github.com/w3c/webauthn/pull/143

This change would remove an object, and keep RPs from having to construct (potentially) long lists of credential type/algorithm combinations. However, Vijay pointed out that losing this flexibility could be an issue for RPs, as "if a new type gets defined next year, and a new algorithm the year after that, the RP would have to backport the new algorithm to old types as well?" [1]

As discussed on the call for 13 July 2016, whether or not this simplification is good is dependent on how RPs implement credential types and algorithms.

Would it be a true statement for most RP implementations that, if a signing algorithm is supported, it would be supported for all supported credential types? Or is the added flexibility of picking-and-choosing necessary? I can only make assumptions, having not designed/built an RP.

Please respond on this thread for this question; that'll inform whether we should continue reviewing PR #143, or abandon it.

Thanks!
J.C.

[1] https://github.com/w3c/webauthn/pull/142#discussion_r70354506
Received on Wednesday, 13 July 2016 22:08:41 UTC
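
Added example, not part of the original message or of the WebAuthn specification: a sketch of the expressiveness question raised above, showing which type/algorithm combinations a relying party would implicitly advertise if its explicit tuple list were collapsed into two flat lists. The credential type names (`typeA`, `typeB`) and the helper functions are hypothetical; `ES256` and `RS256` are used only as sample algorithm labels.

```javascript
// Each entry is [credentialType, algorithm], mirroring the tuple form.
// All values below are constructed sample data.
const uniformPolicy = [
  ["typeA", "ES256"], ["typeA", "RS256"],
  ["typeB", "ES256"], ["typeB", "RS256"],
];
const mixedPolicy = [
  ["typeA", "ES256"], ["typeA", "RS256"],
  ["typeB", "ES256"], // RP does not accept RS256 for typeB
];

// Collapse a tuple list into the two flat lists of the proposed form.
function toLists(pairs) {
  return {
    types: [...new Set(pairs.map(([type]) => type))],
    algorithms: [...new Set(pairs.map(([, alg]) => alg))],
  };
}

// Expand two flat lists into every combination they imply.
function impliedPairs({ types, algorithms }) {
  return types.flatMap((type) => algorithms.map((alg) => [type, alg]));
}

// Combinations the flat-list form would advertise that the RP never listed.
// An empty result means the policy survives the simplification unchanged.
function extraPairs(pairs) {
  const listed = new Set(pairs.map((p) => JSON.stringify(p)));
  return impliedPairs(toLists(pairs)).filter(
    (p) => !listed.has(JSON.stringify(p))
  );
}

console.log(extraPairs(uniformPolicy)); // no extra combinations
console.log(extraPairs(mixedPolicy));   // the typeB/RS256 combination
```

A non-empty result is the case where the relying party would either have to accept a combination it did not intend to support or keep the tuple form.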