- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 04 Jun 2018 12:10:17 +0000
- To: public-webauthn@w3.org
WebAuthn intentionally does not specify how the browser connects to the authenticator; see [ยง6. WebAuthn Authenticator Model][authnr-model] (emphasis added): >The Web Authentication API implies a specific abstract functional model for an authenticator. This section describes that authenticator model. > >Client platforms MAY implement and expose this abstract model in any way desired. [...] > >For authenticators, this model defines the logical operations that they MUST support, and the data formats that they expose to the client and the Relying Party. **However, it does not define the details of how authenticators communicate with the client platform**, unless they are necessary for interoperability with Relying Parties. For instance, this abstract model does not define protocols for connecting authenticators to clients over transports such as USB or NFC. [...] Establishing the connection between browser and authenticator is an implementation detail internal to the browser and/or OS. CTAP is one standardised way to do that which requires no additional integration into the browser. Perhaps it might be possible for an OS driver to expose your ASM to the browser as a CTAP USB HID device, for example, but if your ASM can't be shimmed into CTAP then it will require the browser to directly integrate with it with custom code. Anyway, this issue is out of scope for WebAuthn. This needs to be handled by the browsers and/or your platform OS. [authnr-model]: https://www.w3.org/TR/webauthn/#sctn-authenticator-model -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/928#issuecomment-394332555 using your GitHub account
Received on Monday, 4 June 2018 12:10:24 UTC