[webauthn] Issue: Authenticator Selection Extension - Client Processing - Clarification marked as stat:Discuss

levangongPayPal has just labeled an issue for 
https://github.com/w3c/webauthn as "stat:Discuss":

== Authenticator Selection Extension - Client Processing - Clarification ==
Step 9 of the algorithm in Section 3.1.1 essentially directs the 
client implementation to "run with the first Authenticator that 
indicates success" which is OK as default behaviour. For the Client 
Processing paragraph of the Authenticator Selection extension, we 
should indicate that this step #9 of the makeCredential() algorithm is
where the change in behaviour happens.

Regarding the behaviour itself, the spec currently says: "it MUST use 
the first available authenticator whose AAGUID is present in the 
AuthenticatorSelectionList".
Since the AAGUID list provided is ordered by decreasing preference, 
couldn't the client behave as follows:
- Allow for a certain amount of time (within time limits already defined)
- Select the highest ranking authenticator that indicated success

See https://github.com/w3c/webauthn/issues/95

Received on Thursday, 12 May 2016 20:35:36 UTC
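
The two client behaviours discussed in the issue above, side by side, as an added example that is not part of the original message or of the WebAuthn specification. The function names, the response model and the AAGUID values are constructed for illustration; returning `null` when no listed authenticator succeeds in time is an assumption.

```javascript
// Constructed placeholder AAGUIDs, ordered by decreasing preference
// (the AuthenticatorSelectionList of the extension).
const selectionList = [
  "00000000-0000-0000-0000-00000000000a",
  "00000000-0000-0000-0000-00000000000b",
  "00000000-0000-0000-0000-00000000000c",
];

// Constructed model of authenticator answers to makeCredential():
// atMs = when the authenticator answered, success = whether it indicated success.
const responses = [
  { aaguid: "00000000-0000-0000-0000-00000000000d", atMs: 50, success: true }, // not listed
  { aaguid: "00000000-0000-0000-0000-00000000000c", atMs: 120, success: true },
  { aaguid: "00000000-0000-0000-0000-00000000000b", atMs: 300, success: false },
  { aaguid: "00000000-0000-0000-0000-00000000000a", atMs: 900, success: true },
];

// Listed authenticators that indicated success before the deadline,
// in order of arrival.
function eligible(responses, list, deadlineMs) {
  return responses
    .filter((r) => r.success && r.atMs <= deadlineMs && list.includes(r.aaguid))
    .sort((x, y) => x.atMs - y.atMs);
}

// Current wording: "first available authenticator whose AAGUID is present
// in the AuthenticatorSelectionList". Arrival order decides.
function selectFirstAvailable(responses, list, timeoutMs) {
  const candidates = eligible(responses, list, timeoutMs);
  return candidates.length ? candidates[0].aaguid : null;
}

// Proposed behaviour: wait for a window (within the existing time limit),
// then pick the highest-ranking authenticator that indicated success.
function selectHighestRanked(responses, list, windowMs) {
  const candidates = eligible(responses, list, windowMs);
  if (!candidates.length) return null;
  const rank = (r) => list.indexOf(r.aaguid);
  return candidates.reduce((best, r) => (rank(r) < rank(best) ? r : best)).aaguid;
}

console.log("first available:", selectFirstAvailable(responses, selectionList, 1000));
console.log("highest ranked :", selectHighestRanked(responses, selectionList, 1000));
console.log("short window   :", selectHighestRanked(responses, selectionList, 500));
```

With the same responses, the first-available rule picks the third-ranked authenticator because it answered soonest, while the windowed rule picks the top-ranked one only if the window is long enough for it to answer.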