- From: Richard Barnes <rbarnes@mozilla.com>
- Date: Fri, 23 Sep 2016 16:01:41 -0400
- To: Alexei Czeskis <aczeskis@google.com>
- Cc: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <CAOAcki8+wHpq4qC1kG8rcJLj7qz=FusyyMgZsJafd5CbdxNWCw@mail.gmail.com>
On Fri, Sep 23, 2016 at 3:42 PM, Alexei Czeskis <aczeskis@google.com> wrote: > I agree wrt 'account' -- sounds like a good idea. > Want to make a PR, or do I have to clone the repo? :) I think it should just be an IDL change; might have to shift around how we refer to the thing. I kind of like `cryptoParameters` as a name. it forces our hand into trying > to not define a rich policy language. But `constraints` is fine too. > That's fair enough. Let's have the conversation about what we want RPs to be able to express, and we can name the parameter to match. --Richard > > > Thanks! > -Alexei > > *____**_**__**_**_**_**_**_**_**_**_**_* > > . Alexei Czeskis .:. Securineer .:. 317.698.4740 . > > On Fri, Sep 23, 2016 at 12:30 PM, Richard Barnes <rbarnes@mozilla.com> > wrote: > >> Hey folks, >> >> I can't remember if we talked about this before. Would it make sense to >> move the `account` argument to `makeCredential` into the `options` >> dictionary? It seems like there are at least some credential types that >> don't require it (e.g., U2F credentials), and it makes the interface a bit >> simpler. >> >> I also wonder whether given the discussion this week it might make sense >> to change the `cryptoParameters` argument to something like `constraints`, >> as is done in getUserMedia [1], as a general "These are the types of >> credential I support" field. Might not be necessary if we don't want to >> allow the caller to specify anything more than we do now, but might be a >> way to address some of the concerns about, e.g., attestation types, that >> were raised this week. >> >> Thanks, >> --Richard >> >> [1] https://www.w3.org/TR/mediacapture-streams/#constraints >> > >
Received on Friday, 23 September 2016 20:02:11 UTC