Re: Account -> Options; ScopedCredentialParameters from Alexei Czeskis on 2016-09-23 (public-webauthn@w3.org from September 2016)

From: Alexei Czeskis <aczeskis@google.com>
Date: Fri, 23 Sep 2016 12:42:45 -0700
To: Richard Barnes <rbarnes@mozilla.com>
Cc: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <CAM_SUqcwcWs-sd2ZJ_HNdGBND5A3DU98jpvnQ9N+J-hDtQgiow@mail.gmail.com>

I agree wrt 'account' -- sounds like a good idea.

I kind of like `cryptoParameters` as a name. it forces our hand into trying
to not define a rich policy language.  But `constraints` is fine too.


Thanks!
-Alexei

*____**_**__**_**_**_**_**_**_**_**_**_*

 . Alexei Czeskis .:. Securineer .:. 317.698.4740 .

On Fri, Sep 23, 2016 at 12:30 PM, Richard Barnes <rbarnes@mozilla.com>
wrote:

> Hey folks,
>
> I can't remember if we talked about this before.  Would it make sense to
> move the `account` argument to `makeCredential` into the `options`
> dictionary?  It seems like there are at least some credential types that
> don't require it (e.g., U2F credentials), and it makes the interface a bit
> simpler.
>
> I also wonder whether given the discussion this week it might make sense
> to change the `cryptoParameters` argument to something like `constraints`,
> as is done in getUserMedia [1], as a general "These are the types of
> credential I support" field.  Might not be necessary if we don't want to
> allow the caller to specify anything more than we do now, but might be a
> way to address some of the concerns about, e.g., attestation types, that
> were raised this week.
>
> Thanks,
> --Richard
>
> [1] https://www.w3.org/TR/mediacapture-streams/#constraints
>

Received on Friday, 23 September 2016 19:43:29 UTC