- From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
- Date: Tue, 13 Sep 2016 20:09:02 +0000
- To: public-webauthn@w3.org
Addressing comments:

**Processing Rules and exclude list**

The hints are needed because of how the exclude list is used in practice. Specifically, for Authenticators that don't have storage, the Client will actually use the exclude list to construct dummy challenges to those Authenticators. If a non-error reply is received, then the Client knows to exclude said Authenticator. Hence, the Client gets benefit from the transport hints in such a case.

**About 'internal' authenticators**

Consider the case where a Client receives a credential without any hints. The Client checks to see if it's from a local Authenticator and finds out 'no'. Now, this credential could either be an internal credential from another device, so it doesn't even make sense for this Client to ask the user to plug anything in, pair anything, tap anything. Or it could be a credential from an external device, so some user action is required. What is a Client to do in such cases?

**Multiple transports**

As written multiple transports are supported. Did I miss something?

**How the server gets transports in the first place**

During the call, we proposed that this comes from metadata service. Do people think that I should go ahead and add such details to the spec?

**Processing Rules**

Will add after above issues are resolved.

--
GitHub Notification of comment by leshi
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/194#issuecomment-246807567 using your GitHub account
Received on Tuesday, 13 September 2016 20:09:09 UTC
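
The exclude-list probing described in the message above, as an added example that is not part of the original comment or of the WebAuthn specification: a small model of a Client sending dummy challenges to storage-less Authenticators, with and without transport hints. The helper names (`makeAuthenticator`, `applyExcludeList`, `demo`), the credential ids and the authenticator objects are all constructed for illustration.

```javascript
// Constructed model, not WebAuthn API code: each authenticator has a transport
// and a probe() that returns true (a non-error reply) when the dummy challenge
// carries a credential id it created.
function makeAuthenticator(name, transport, knownIds) {
  return { name, transport, probe: (id) => knownIds.includes(id) };
}

// Returns the authenticators to exclude and how many dummy challenges were sent.
// A credential with no transport hints has to be tried on every authenticator.
function applyExcludeList(excludeList, authenticators) {
  const excluded = new Set();
  let probes = 0;
  for (const cred of excludeList) {
    const hinted = Array.isArray(cred.transports) && cred.transports.length > 0;
    for (const auth of authenticators) {
      if (excluded.has(auth.name)) continue; // already ruled out
      if (hinted && !cred.transports.includes(auth.transport)) continue;
      probes += 1;
      if (auth.probe(cred.id)) excluded.add(auth.name);
    }
  }
  return { excluded: [...excluded].sort(), probes };
}

// Constructed sample data: three attached authenticators, three excluded credentials.
const authenticators = [
  makeAuthenticator("usb-key", "usb", ["cred-A"]),
  makeAuthenticator("nfc-card", "nfc", ["cred-B"]),
  makeAuthenticator("ble-fob", "ble", []),
];
const withHints = [
  { id: "cred-A", transports: ["usb"] },
  { id: "cred-B", transports: ["nfc", "ble"] },
  { id: "cred-C", transports: ["ble"] },
];
// Same credentials with the hints stripped.
const withoutHints = withHints.map(({ id }) => ({ id }));

function demo() {
  return {
    hinted: applyExcludeList(withHints, authenticators),
    unhinted: applyExcludeList(withoutHints, authenticators),
  };
}
console.log(JSON.stringify(demo()));
```

Both runs exclude the same two authenticators; the hinted list gets there with fewer dummy challenges because credentials are only tried over the transports they name.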