- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 Jun 2018 22:09:14 +0000
- To: public-webauthn@w3.org
[ CTAP RD4 = [fido-client-to-authenticator-protocol-v2.0-id-20180227.html](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) ] I've looked into this issue some and am thinking that we ought to _**not**_, in the webauthn spec, go into details regarding the differences between it and CTAP. This is because the differences are apparently greater than CTAP's use is "integer keys" (as opposed to webauthn's "string keys" (in CBOR-encoded data)). For example, CTAP's [#authenticatorGetAssertion](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#authenticatorGetAssertion) also returns objects where webauthn returns a single value: the returned values for `credential` and `user` and then has commentary describing the platform's behavior: e.g., prompting the user or not and what portion(s) of the data is returned back to the webauthn layer. https://w3c.github.io/webauthn/#sctn-authenticator-model already notes that it describes an "abstract function model". Perhaps it is appropriate to add a Note after the 2nd parag therein saying something along the lines of: > Note: [[FIDO-CTAP]] is an example of concrete instantiation of this model, but it is one in which there are differences in the \<a href="FIDO-CTAP#resources">data it returns\</a> and those expected by the [[#api|WebAuthn API]]'s algorithms. The client platform is expected to perform any needed transformations on such data. The [[FIDO-CTAP]] specification details the needed transformations. WDYT? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/864#issuecomment-401188389 using your GitHub account
Received on Thursday, 28 June 2018 22:09:21 UTC