[w3ctag/design-reviews] Web Authentication Immediate Mediation (Issue #1092) from Ken Buchanan on 2025-05-12 (public-webapps-github@w3.org from May 2025)

From: Ken Buchanan <notifications@github.com>
Date: Mon, 12 May 2025 14:04:17 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/1092@github.com>

kenrb created an issue (w3ctag/design-reviews#1092)

こんにちは TAG-さん!

I'm requesting a TAG review of a new mediation mode for getting WebAuthn assertion, `immediate`.

This mode does the following:
* If there are discoverable WebAuthn credentials available immediately to the user agent, it shows them to the user for selection.
* If there are no such credentials, throw `NotAllowedError`.

This differs from existing WebAuthn modal sign-in flows in that they always show UI, allowing users to attempt to use WebAuthn credentials from external authenticators or phones.

This differs from the existing WebAuthn `conditional` mediation flow in that `conditional` does not return an error if there are no available credentials. In that case the promise never resolves.

  - Explainer¹: https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation
  - Specification: https://github.com/w3c/webauthn/pull/2291
  - WPT Tests: Pending
  - Security and Privacy self-review²: https://github.com/w3c/webauthn/wiki/Security-&-Privacy-Self%E2%80%90Review:-Immediate-Mediation
  - GitHub repo: https://github.com/w3c/webauthn/
  - Primary contacts:
      - @kenrb, Google, co-author
      - @deephand, Google, co-author
  - Organization/project driving the specification: Google Chrome
  - Primary standards group developing this feature: Web Authentication WG
  - Incubation and standards groups that have discussed the design:
    - Github issue: https://github.com/w3c/webauthn/issues/2228
    - WebAuthn F2F notes (see issue 2228): https://docs.google.com/document/d/1mfIPmwIeZDSBshSiO88nX8cLW4Vd6bpARyyQVZZDkJs/edit
  - Multi-stakeholder support³:
    - Chromium comments: Supports
    - Mozilla comments: No official position
    - WebKit comments: No official position; interest expressed in F2F meeting minutes linked above
  - Status/issue trackers for implementations⁴: ChromeStatus https://chromestatus.com/feature/5164322780872704

Further details:
  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1092
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1092@github.com>

Received on Monday, 12 May 2025 21:04:20 UTC