Re: [webauthn] Authenticator selection extension - should makeCredential fail if no specified authenticator can be found? from Rolf Lindemann via GitHub on 2016-09-29 (public-webauthn@w3.org from September 2016)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Sep 2016 07:03:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-250387022-1475132627-sysbot+gh@w3.org>

The rationale was to make sure that the user gets prompted by *some* 
authenticator in order to know that someone is trying to figure out 
what authenticators are present on that machine.

So this don't fail but use other authenticator was intended as a 
privacy features as we heardprivacy complaints about a more generic 
authenticator discovery feature before (which it would be in the case 
of returning a silent error code if the preferred authenticator is not
 present).

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/227#issuecomment-250387022 
using your GitHub account

Received on Thursday, 29 September 2016 07:03:56 UTC