Re: Shopify WebAuthn UX from Bart de Water on 2020-05-18 (public-webauthn-adoption@w3.org from May 2020)

From: Bart de Water <bart.dewater@shopify.com>
Date: Mon, 18 May 2020 12:33:33 -0400
To: Christiaan Brand <cbrand@google.com>
Cc: public-webauthn-adoption@w3.org
Message-ID: <CAL0u942kW219XkzijWCEcc+JQrS0Z1RMB_tnnyEsr9h1BcH1ng@mail.gmail.com>

Hey Christiaan,

Yes, that distinction clear was something we were struggling with at the
time from a UX perspective. If I remember correctly this was implemented
before getTransports() was a thing, we discussed using attestation but that
was a no-go due to how disruptive it was to have the registration ceremony
aborted if the user did not consent to sharing that information.

On Mon, May 18, 2020 at 11:59 AM Christiaan Brand <cbrand@google.com> wrote:

> Thanks for sending this along, Bart!
>
> I do see some conflation between physical security keys and
> platform authenticators that the "How to Fido" doc tries to address -- as
> you also stated :)
>
> On Mon, May 18, 2020 at 8:54 AM Bart de Water <bart.dewater@shopify.com>
> wrote:
>
>> Hi all,
>>
>> As discussed on the last call, here's screenshots of our current WebAuthn
>> UX:
>> https://docs.google.com/document/d/1x9mmSIvfjO2GOLNg7sd1zxD0j5-5FyeQGuZ3wO5sAaM/edit?usp=sharing
>> - I can imagine we'll incorporate some of Google's "How to FIDO" tips at
>> some point.
>>
>> Cheers,
>> Bart
>>
>

Received on Monday, 18 May 2020 16:51:57 UTC