W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2016

[webauthn] Authenticator selection extension - should makeCredential fail if no specified authenticator can be found?

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Sep 2016 05:17:39 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-179954752-1475126257-sysbot+gh@w3.org>
vijaybh has just created a new issue for 
https://github.com/w3c/webauthn:

== Authenticator selection extension - should makeCredential fail if 
no specified authenticator can be found? ==
In https://w3c.github.io/webauthn/#extension-authenticator-selection 
the current text says that if the client cannot find any 
willing-and-able authenticator with one of the specified AAGUIDs, then
 it must just go ahead and use another authenticator. However in 
working through use cases it seems unlikely that such an authenticator
 will ever be acceptable to an RP that cared deeply enough to specify 
this extension. Of course a client can always ignore extensions, but 
it seems like a client that supports this extension could provide a 
better UX by failing out in this case (though maybe after waiting a 
bit so as not to enable fingerprinting of the client).

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/227 using your GitHub account
Received on Thursday, 29 September 2016 05:17:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:26 UTC