- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 13 May 2016 13:43:51 +0000
- To: public-webauthn@w3.org
equalsJeffH has just labeled an issue for https://github.com/w3c/webauthn as "type:editorial": == Clarify when an extension may be ignored by user agent == There does not seem to be any reason for a web authn. client to block an inbound or outbound extension that is supported by the authenticator and does not require any client processing. Last paragraph in 5 does not make this clear. Recommend following text: "All WebAuthn extensions are optional for both clients and authenticators. Thus, any extensions requested by a WebAuthn Relying Party may be ignored by the client browser or OS (if client processing is required for the extension) and not passed to the authenticator at all, or they may be ignored by the authenticator. However, an extension that is supported by an authenticator that does not require client processing should be passed to the authenticator. Ignoring an extension is never considered a failure in the WebAuthn API, so when WebAuthn Relying Parties include extensions with any API calls, they must be prepared to handle cases where some or all of those extensions are ignored." See https://github.com/w3c/webauthn/issues/97
Received on Friday, 13 May 2016 13:43:53 UTC