Re: [webauthn] authenticatorCancel seems like it can cancel too much

I was using 'current' to mean the call whose timeout was reached. Not quite sure how better to refer to that..

Right, there can be multiple getAssertion calls, and each getAssertion call has a timeout and spawns multiple authenticatorGetAssertion calls. 

Put another way, I've been interpreting the spec to say that each authenticatorGetAssertion call to each authenticator from a given getAssertion call is within an authenticator session that is distinct from the authenticatorGetAssertion calls stemming from a different getAssertion call. And authenticatorCancel only applies to authenticator operations specific to that authenticator session. (Sorry that's a little tongue twisting - I didn't name this stuff!).


-- 
GitHub Notification of comment by kpaulh
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/283#issuecomment-292238274 using your GitHub account

Received on Thursday, 6 April 2017 17:00:15 UTC