- From: Hodges, Jeff <jeff.hodges@paypal.com>
- Date: Sat, 16 Jul 2016 10:01:36 +0000
- To: "J.C. Jones" <jc@mozilla.com>
- CC: W3C WebAuthn WG <public-webauthn@w3.org>
On 7/15/16, 5:52 PM, "J.C. Jones" <jc@mozilla.com> wrote: > >So my question is: why does getAssertion() need a whitelist? Could we add >the >getAssertion() method to the Credential, and make it an object? this actually was an earlier design predating the submitted specs <https://www.w3.org/Submission/2015/02/> IIRC, moving to the whitelist approach with getAssertion() more naturally accommodated use cases involving external/roaming/portable authenticators (authnrs). perhaps we need to elucidate the design rationale... HTH, =JeffH
Received on Saturday, 16 July 2016 10:02:07 UTC