- From: levangongPayPal via GitHub <sysbot+gh@w3.org>
- Date: Thu, 12 May 2016 20:35:34 +0000
- To: public-webauthn@w3.org
levangongPayPal has just labeled an issue for https://github.com/w3c/webauthn as "stat:Discuss": == Authenticator Selection Extension - Client Processing - Clarification == Step 9 of the algorithm in Section 3.1.1 essentially directs the client implementation to "run with the first Authenticator that indicates success" which is OK as default behaviour. For the Client Processing paragraph of the Authenticator Selection extension, we should indicate that this step #9 of the makeCredential() algorithm is where the change in behaviour happens. Regarding the behaviour itself, the spec currently says: "it MUST use the first available authenticator whose AAGUID is present in the AuthenticatorSelectionList". Since the AAGUID list provided is ordered by decreasing preference, couldn't the client behave as follows: - Allow for a certain amount of time (within time limits already defined) - Select the highest ranking authenticator that indicated success See https://github.com/w3c/webauthn/issues/95
Received on Thursday, 12 May 2016 20:35:36 UTC