[w3ctag/design-reviews] Credential Management: Conditional Mediation (Issue #692)

Nyanpasu~ TAG!

I'm requesting a TAG review of Credential Management: Conditional Mediation.

A new kind of mediation in credential management that instructs the user agent not to display UI unless the user has credentials. Designed to solve the bootstrapping problem when replacing passwords by WebAuthn credentials: websites should be able to fire a WebAuthn call while showing a regular password prompt without worrying about showing a modal dialog error if the device lacks appropriate credentials.

Conditional Mediation is built on top of credential management to allow integration with other credential types.

  - [Explainer¹ (minimally containing user needs and example code)](https://docs.google.com/document/d/11hWpUPAnblPtkn1f7AIQW0ujoiu_BAKzlMVhZKQPiW8). Focuses on the WebAuthn use case.
  - [Specification URL](https://github.com/w3c/webappsec-credential-management/pull/155)
  - Tests: not yet
  - [Security and Privacy self-review²](https://github.com/w3c/webappsec-credential-management/wiki/Conditional-mediation-TAG-security-&-privacy-questionnaire)
  - Primary contacts (and their relationship to the specification):
      - Nina Satragno (@nsatragno), Google, editor.
      - Jeff Hodges (@equalsjeffh), Google, editor.
  - Organization(s)/project(s) driving the specification: Google / WebAuthn WG
  - Key pieces of existing multi-stakeholder review or discussion of this specification: [CredMan PR discussion](https://github.com/w3c/webappsec-credential-management/pull/155), [WebAuthn issue](https://github.com/w3c/webauthn/issues/1545) and [companion PR](https://github.com/w3c/webauthn/pull/1576).
  - External status/issue trackers for this specification: [Chrome Status](https://chromestatus.com/feature/5026422640869376).

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Relevant time constraints or deadlines: N/A
  - The group where the work on this specification is currently being done: Web Authentication
  - Major unresolved issues with or opposition to this specification: None.
  - This work is being funded by: Google

You should also know that this feature has two parts: adding "Conditional Mediation" to Credential Management and the particular utilization of it by the WebAuthn spec. We would like to have TAG review the first part here. The second part is included in #686.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  💬 leave review feedback as a **comment in this issue** and @-notify nsatragno@ equalsjeffh@

Received on Thursday, 25 November 2021 21:35:01 UTC
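
As an added illustration (not part of the original request or of the specification PR), this sketches how a sign-in page could start a conditionally mediated WebAuthn request alongside its password form, as the request describes. `startConditionalSignIn`, `env` and `onAssertion` are hypothetical names; `mediation: "conditional"` and `PublicKeyCredential.isConditionalMediationAvailable()` are the API as later shipped in browsers, not taken from this message.

```javascript
// Added example. startConditionalSignIn, env and onAssertion are hypothetical names.
// In a page, env would be:
//   { credentials: navigator.credentials, PublicKeyCredential, AbortController }
async function startConditionalSignIn(env, challenge, onAssertion) {
  const { credentials, PublicKeyCredential, AbortController } = env;

  // Feature-detect first so that user agents without conditional mediation
  // fall back to the password form only.
  const supported =
    !!PublicKeyCredential &&
    typeof PublicKeyCredential.isConditionalMediationAvailable === "function" &&
    (await PublicKeyCredential.isConditionalMediationAvailable());
  if (!supported) {
    return { started: false, pending: Promise.resolve(null), abort() {} };
  }

  const controller = new AbortController();
  const pending = credentials
    .get({
      // No UI unless the user has a matching credential; the promise
      // stays pending while the password form remains usable.
      mediation: "conditional",
      signal: controller.signal,
      publicKey: {
        challenge, // fresh random bytes issued by the server for this attempt
        allowCredentials: [], // empty: the user agent offers discoverable credentials
        userVerification: "preferred",
      },
    })
    .then(onAssertion, (err) => {
      // Aborting (e.g. the user submitted a password instead) is expected.
      if (err && err.name === "AbortError") return null;
      throw err;
    });

  // Call abort() when the password path wins so the request does not linger.
  return { started: true, pending, abort: () => controller.abort() };
}
```

The assertion passed to `onAssertion` still has to be verified by the server against the challenge it issued.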