[webauthn] Authenticator selection extension - should makeCredential fail if no specified authenticator can be found? from Vijay Bharadwaj via GitHub on 2016-09-29 (public-webauthn@w3.org from September 2016)

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Sep 2016 05:17:39 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-179954752-1475126257-sysbot+gh@w3.org>

vijaybh has just created a new issue for 
https://github.com/w3c/webauthn:

== Authenticator selection extension - should makeCredential fail if 
no specified authenticator can be found? ==
In https://w3c.github.io/webauthn/#extension-authenticator-selection 
the current text says that if the client cannot find any 
willing-and-able authenticator with one of the specified AAGUIDs, then
 it must just go ahead and use another authenticator. However in 
working through use cases it seems unlikely that such an authenticator
 will ever be acceptable to an RP that cared deeply enough to specify 
this extension. Of course a client can always ignore extensions, but 
it seems like a client that supports this extension could provide a 
better UX by failing out in this case (though maybe after waiting a 
bit so as not to enable fingerprinting of the client).

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/227 using your GitHub account

Received on Thursday, 29 September 2016 05:17:48 UTC