Re: [webauthn] Replace Authenticator Model with CTAP

Ah, ok, thanks, that helps. 

> 1. Interfaces like https://w3c.github.io/webauthn/#op-make-cred should give precise types for the parameters and return values. These types should probably be CBOR specified with CDDL, but could be WebIDL.

and/or define how the WebIDL types are mapped to the CDDL/CBOR types?

> 2. The algorithms in https://w3c.github.io/webauthn/#op-make-cred should number their steps, and the steps should be precise about how the authenticator should act. The current precision is close, but for example it should describe the difference between storing the key and encrypting it into the credential ID. 

what we've been told here by folks that ship both browsers and platforms is that the above stuff ought to be to some degree fuzzy because their platform folks have their own approaches for developing such stuff and if it is spec'd too precisely they will feel hemmed in.

> Calling out to existing FIDO specs is totally fine.

well, [U2F](https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/) might be palatable, but apparently [the UAF spec set](https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/) is overall too precisely spec'd for some audiences (it had to be because it is how-to-implement-a-full-pswdless-and-2ndFactor-stack-without-any-existing-platform-support). However, it would seem that UAF can be usefully used as an example of how to do certain things, e.g., as we have been doing for authnr selection.

> 3. Specs like CTAP should describe how to convert the parameters from WebAuthn's types to transferrable types, transfer them, and then convert back to WebAuthn's types in order to call the algorithm bodies, and similarly for the results.

sorry, I do not understand the significance/semantics/underpinnings of "transferrable" and "transfer them"...?


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/410#issuecomment-304365845 using your GitHub account

Received on Friday, 26 May 2017 19:14:20 UTC