Re: [w3ctag/design-reviews] Credential Management: Conditional Mediation (Issue #692)

Hi @nsatragno - we're looking at this (and the general topic of making webauthn more friendly) at our virtual f2f this week. A couple of questions: if the user *does* have an appropriate credential but they don't want to use it - for example, they want to log in as another identity - then what information does the web app know about the user's choice? If the web page displays a username and password dialog at the same time that the browser surfaces a webauthn UI of some kind to pick a credential, isn't that going to be confusing to the user? Since the web page won't know that the browser is supplying this UI (which seems important from a privacy & security standpoint), how is that expected to work? We can see the screenshot in the explainer under Conditional UI, but it isn't clear if this is the current status quo or if this is the aspirational UI.

Also: can you please bring the (well written!) explainer over to a markdown file in the appropriate webauthn repo? Also can we suggest that you link to [this document](https://github.com/w3c/webauthn/wiki/Explainer:-broadening-the-user-base-of-WebAuthn) from the explainer in order to help put this one in context?

-- 
https://github.com/w3ctag/design-reviews/issues/692#issuecomment-990005499

Received on Thursday, 9 December 2021 16:21:20 UTC