[webauthn] Authenticator Selection Extension - Client Processing - Clarification

levangongPayPal has just created a new issue for 
https://github.com/w3c/webauthn:

== Authenticator Selection Extension - Client Processing - 
Clarification ==
Step 9 of the algorithm in Section 3.1.1 essentially directs the 
client implementation to "run with the first Authenticator that 
indicates success" which is OK as default behaviour. For the Client 
Processing paragraph of the Authenticator Selection extension, we 
should indicate that this step #9 of the makeCredential() algorithm is
where the change in behaviour happens.

Regarding the behaviour itself, the spec currently says: "it MUST use 
the first available authenticator whose AAGUID is present in the 
AuthenticatorSelectionList".
Since the AAGUID list provided is ordered by decreasing preference, 
couldn't the client behave as follows:
- Allow for a certain amount of time (within time limits already 
defined)
- Select the highest ranking authenticator that indicated success

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/95 using your GitHub account

Received on Thursday, 12 May 2016 20:35:36 UTC
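
The two selection behaviours discussed in the issue, side by side, as an added example that is not part of the original message or of the WebAuthn specification. The AAGUID values, response timings, function names and the fallback when nothing answers within the wait window are all assumptions made for illustration.

```javascript
// Added illustration. AAGUIDs, timings and function names are constructed.
// AuthenticatorSelectionList, ordered by decreasing preference.
const selectionList = [
  "00000000-0000-0000-0000-00000000000a", // most preferred
  "00000000-0000-0000-0000-00000000000b",
  "00000000-0000-0000-0000-00000000000c",
];

// Constructed responses: when each authenticator answered and whether it indicated success.
const responses = [
  { aaguid: "00000000-0000-0000-0000-0000000000ff", atMs: 40, ok: true }, // not in the list
  { aaguid: "00000000-0000-0000-0000-00000000000c", atMs: 120, ok: true },
  { aaguid: "00000000-0000-0000-0000-00000000000a", atMs: 300, ok: false }, // did not succeed
  { aaguid: "00000000-0000-0000-0000-00000000000b", atMs: 900, ok: true },
];

// Successful responses from listed authenticators up to a deadline, in arrival order.
function eligible(resps, list, deadlineMs) {
  return resps
    .filter((r) => r.ok && list.includes(r.aaguid) && r.atMs <= deadlineMs)
    .sort((x, y) => x.atMs - y.atMs);
}

// Quoted spec text: first available authenticator whose AAGUID is in the list.
function selectFirstAvailable(resps, list, timeoutMs) {
  const hits = eligible(resps, list, timeoutMs);
  return hits.length ? hits[0].aaguid : null; // null: no listed authenticator answered
}

// Proposal: wait up to waitMs (capped by timeoutMs), then take the highest-ranked success.
function selectHighestRanked(resps, list, waitMs, timeoutMs) {
  const hits = eligible(resps, list, Math.min(waitMs, timeoutMs));
  if (hits.length === 0) {
    // Assumption: if nothing listed answered in the window, fall back to first available.
    return selectFirstAvailable(resps, list, timeoutMs);
  }
  const rank = (r) => list.indexOf(r.aaguid);
  return hits.reduce((best, r) => (rank(r) < rank(best) ? r : best)).aaguid;
}

console.log(selectFirstAvailable(responses, selectionList, 60000));
console.log(selectHighestRanked(responses, selectionList, 1000, 60000));
```

With these constructed inputs the first behaviour picks the third-ranked authenticator because it answered first, while a one-second wait lets the second-ranked one win.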