Re: Benefits of exposing webauthn through navigator.credentials from Mike West on 2017-04-11 (public-webauthn@w3.org from April 2017)

From: Mike West <mkwst@google.com>
Date: Tue, 11 Apr 2017 16:08:38 +0200
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: Dominic Battre <battre@google.com>, Jeffrey Yasskin <jyasskin@google.com>, "Hodges, Jeff" <jeff.hodges@paypal.com>, Dirk Balfanz <balfanz@google.com>, "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <CAKXHy=fJvM9Hp-7YNUWkm6VVpn47aDLmFhK=CNzT=35D5YWpbg@mail.gmail.com>

On Mon, Apr 10, 2017 at 5:38 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
wrote:

> Adding context for Mike: “promoteAuthenticatorIfAvailable()” refers to
> the (yet to be finally named) API proposed in https://github.com/w3c/
> webauthn/issues/345
>

Thanks, Vijay!

That's an interesting proposal. With regard to this discussion, there might
be a case to be made that such a proposal could be valuable for federated
credentials (e.g. your user agent knows you have a Facebook account, and
could prompt you to sign in using that mechanism rather than a password).
I'm not sure whether that's enough to justify putting a method on the
`CredentialsContainer` object, though; it's probably worth starting with
something more narrowly scoped to a specific credential type.

That said, another way of looking at this is as a special case of
`create()`. The main difference seems to be the UI presentation and flow
that you're asking the user agent to provide. I'll comment on the bug, as
it sounds like y'all already considered and rejected that approach as too
clunky and confusing. :)

-mike

Received on Tuesday, 11 April 2017 14:09:34 UTC