- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Fri, 04 May 2018 17:41:20 +0000
- To: public-webauthn@w3.org
@emlun >I'm also curious about what UX would be expected if the RP passes an allowCredentials with one credential with platform attachment and one with cross-platform attachment... We show option to use external authenticator when we cannot find all the credentials in our local platform. I can give a demo at plenary. @christiaanbrand Username less flows are very important to us. That's the magical experience we want to achieve in web also as we are doing in our windows login. Now consider a scenario where RPs has expressed interest in platform authenticators for whatever reason by selecting platform during MakeCredential. All their credentials are platform ones. User has created multiple platform credentials on different machines. Now if it goes to a new machine, and tries to do username less flow, nothing will match and we are currently falling back to external authenticators which RP never intended. This is one issue. Another issue is somehow keystore gets reset and even if RP has cookies, we are falling back to external devices. We cannot rely on cookies. User clears cookies all the time. Regarding what to show when there is a match in platform authenticator and there is an ambiguity, we provide an option to the user to select external device also if it chooses to. We have streamlined the experience to directly use the platform authenticator with an option to go to external authenticator as part of that dialog box. This may be the scenario where a user has created platform authenticator for convenience and external authenticator for backup or roaming or something. Regarding getting transports from authenticator certificate, not every vendor is putting this information in the attestation certificate. If we have to support multiple transports for a given authenticator, as of now the best place to get this information IMO is authenticatorGetInfo. I also want to understand transports better at plenary. Lets discuss this in more detail and go through the different user types journey. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/pull/882#issuecomment-386674829 using your GitHub account
Received on Friday, 4 May 2018 17:41:23 UTC