Re: [webauthn] Strawman of an integration between WebAuthn and Credential Management.

While I appreciate (and share!) the desire to clarify the relationship between CredMan and webauthn, I think this PR would get us further away from, rather than closer to, a converged webauthn spec. It opens up too many questions that aren't open in the current spec. Examples below:

- How requireUserMediation() and the various levels of tests-of-user-presence in webauthn will collide or merge is not clear.

- We're thinking of introducing new methods to webauthn, such as a cancel() method, and a promoteAuthenticatorIfAvailable() method. For each of those, we'd have to think through what they mean for the other type of credentials, and will have a problem if we realize that they don't apply well to non-ScopedCredentials.

- Similar to requireUserMediation(), store() seems to be a no-op for ScopedCredentials. There are proposals for a merged createAndStore() method circulating on the list, but the necessity to even come up with, and consider, and discuss, and argue over, and get consensus on, these kinds of new proposals arises only if we accept this PR.

- create() is a no-op for passwords. In here it's therefore a static method on ScopedCredential. That seems a bit strange. Again, a merged createAndStore() method may rectify this situation, but see above for the problems with that.

More details here: https://lists.w3.org/Archives/Public/public-webauthn/2017Apr/0138.html 

-- 
GitHub Notification of comment by balfanz
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/384#issuecomment-292658726 using your GitHub account

Received on Friday, 7 April 2017 21:40:50 UTC