- From: Mike West via GitHub <sysbot+gh@w3.org>
- Date: Wed, 12 Apr 2017 13:14:28 +0000
- To: public-webauthn@w3.org
> From a Relying Party UX perspective, sites would typically want to offer friendly guidance along the lines of "We're so glad you want to use Windows Hello! This is what to do next and here is what you should expect to see next time." This might be a popover, navigation, flyout pane, etc. Thanks for the clarification, @vijaybh. I guess it's still not clear to me what bits of this flow you expect the user agent to take responsibility for, and what aspects you'd leave up to the site, but as noted below, I'm sold on the separability of the check on the one hand and credential creation on the other. > From the UA side, there is no way to tell the difference between "I am calling makeCredential because I know the user has an NFC or USB token in their pocket, pop up a prompt and ask them to tap it or plug it in" and "I'm just probing to see if I should even offer the user a new and more convenient option, so be as quiet as possible and don't annoy them if it's not there". I was suggesting the `checkWithTheUserWhetherThisIsAtAllPossibleFirst` as being that mechanism of informing the UA of the developer's intent. I agree with you that it's the wrong model if you expect the probe to happen in one context, and the `makeCredential` call to happen in another. Is that what you expect? When do you think developers would call this API? I've been imagining it as part of a sign-up flow, but I realize now that it could also be useful for something like a Google account security checkup flow. In that case you really might not be on the right page (or even right origin) when the developer wants to determine whether the flow would make sense for you. Thanks! Sorry for the noise. :) -- GitHub Notification of comment by mikewest Please view or discuss this issue at https://github.com/w3c/webauthn/issues/345#issuecomment-293571365 using your GitHub account
Received on Wednesday, 12 April 2017 13:14:42 UTC