[webauthn] Aligning PublicKeyCredentialUserEntity with CTAP

ve7jtb has just created a new issue for https://github.com/w3c/webauthn:

== Aligning PublicKeyCredentialUserEntity with CTAP ==
Sec 5.4 lists id, displayName, and name.

Sec 5.4.3 only lists id and displayName as required in the dictionary.

Should name be optional?

The CTAP spec states:
This PublicKeyCredentialUserEntity data structure describes the user account to which the new public key credential will be associated at the RP. It contains an RP-specific user account identifier, (optionally) a user name, (optionally) a user display name, and (optionally) a URL pointing to an image (of a user avatar, for example). The authenticator associates the created public key credential with the account identifier, and MAY also associate any or all of the user name, user display name, and image data (pointed to by the URL, if any).

The CTAP example is:
var user = {
  id: Uint8Array.from(window.atob("MIIBkzCCATigAwIBAjCCAZMwggE4oAMCAQIwggGTMII="), c => c.charCodeAt(0)),
  icon: "https://pics.acme.com/00/p/aBjjjpqPb.png",
  name: "johnpsmith@example.com",
  displayName: "John P. Smith"
};

icon is not mentioned at all in this spec.

We need to clarify name and icon if we expect browsers to pass these through to the authenticator and/or display these to the user. Otherwise they should be removed from CTAP or appropriate comments added that they won't be passed through the browser.


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/757 using your GitHub account

Received on Tuesday, 23 January 2018 21:57:48 UTC