Re: [webauthn] Privacy concerns with blacklist/whitelist

@kpaulh So essentially Chrome ignores this part of [§5.1.3][create].19 and [§5.1.4.1][get].17?

>**If any *authenticator* returns a status indicating that the user cancelled the operation,**
>
> 1. Remove *authenticator* from *issuedRequests*.
> 2. For each remaining *authenticator* in *issuedRequests* invoke the `authenticatorCancel` operation on *authenticator* and remove it from *issuedRequests*.

That should indeed make it impossible for the caller to see a difference between (1) timeout and (2) the credential is available, but the user denied consent to use it. It doesn't seem like this instruction would add much to the user experience either. So should we just delete it from the spec?

[create]: https://w3c.github.io/webauthn/#createCredential
[get]: https://w3c.github.io/webauthn/#discover-from-external-source


-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/184#issuecomment-343507320 using your GitHub account

Received on Friday, 10 November 2017 15:43:36 UTC
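A constructed simulation of the client-side loop quoted in the comment, added here and not code from the comment, the WebAuthn spec or any browser: it shows that the cancel-propagation step lets the caller tell an early user cancellation from a timeout, while a client that keeps waiting for the timeout makes the two cases observationally identical. `TIMEOUT_MS`, the authenticator names and the reply times are assumed values.

```python
"""Constructed model (added here; not code from the WebAuthn spec or any
browser) of the client-side loop the comment quotes, used to show what a
relying party can observe. Times are simulated integers, not real delays."""
from dataclasses import dataclass
from typing import Optional

TIMEOUT_MS = 60_000  # assumed value of the RP's requested timeout


@dataclass
class Authenticator:
    name: str
    # "cancel" = user denied consent on this authenticator;
    # None = it never answers within the timeout (no credential, no user action).
    outcome: Optional[str]
    reply_at_ms: int = 0  # simulated time of the reply, if any


@dataclass(frozen=True)
class Observation:
    error: str        # what the caller's promise rejects with
    elapsed_ms: int   # simulated time at which it rejected


def run_client(auths, propagate_cancel: bool) -> Observation:
    """Simulate the client processing issuedRequests.

    propagate_cancel=True models the quoted step: a user cancellation on one
    authenticator cancels the rest and the operation ends at once.
    propagate_cancel=False models a client that keeps waiting for the timeout.
    Either way the caller only ever sees NotAllowedError.
    """
    cancels = sorted((a for a in auths if a.outcome == "cancel"),
                     key=lambda a: a.reply_at_ms)
    for a in cancels:
        if a.reply_at_ms < TIMEOUT_MS and propagate_cancel:
            # remaining authenticators would receive authenticatorCancel here
            return Observation("NotAllowedError", a.reply_at_ms)
    return Observation("NotAllowedError", TIMEOUT_MS)


def leaks_presence(propagate_cancel: bool) -> bool:
    """True if the RP can distinguish 'credential present, consent denied'
    from 'nothing happened' (e.g. no matching credential) by timing."""
    denied = [Authenticator("usb-key", "cancel", reply_at_ms=2_000),
              Authenticator("platform", None)]
    absent = [Authenticator("usb-key", None), Authenticator("platform", None)]
    return run_client(denied, propagate_cancel) != run_client(absent, propagate_cancel)
```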