- From: Mike West via GitHub <sysbot+gh@w3.org>
- Date: Mon, 24 Apr 2017 08:12:15 +0000
- To: public-webauthn@w3.org
We talked about this a little bit before the merge, and I agree that having two attributes is a bit confusing. I can see two ways of resolving that confusion:
1. We change `Credential::id` to be something like:
```
typedef (ArrayBuffer or DOMString) CredentialIdentifier;
partial interface Credential {
CredentialIdentifier id;
};
```
And then let credential types pick one or the other as they like, enabling `ScopedCredential` to return an `ArrayBuffer` as its `id` and drop `rawId` entirely.
2. We drop `rawId`, leaving only the `DOMString` serialization of the identifier.
Naïvely, I'd prefer 2: My understanding of the use case for `id` is that it serves as something like the index into a database on the server, and needs to be somehow serialized for transport in any event. Giving developers a canonical serialization seems like a reasonable thing to do, guiding them down a sane path for implementation.
That said, the spec is pretty light on examples around what client-side code should be doing with any of the credential's properties ("Send new credential info to server for verification and registration"). If it really is more useful to have an `ArrayBuffer` (or a view into the same), I'm sure we can work something out.
--
GitHub Notification of comment by mikewest
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/412#issuecomment-296569470 using your GitHub account
Received on Monday, 24 April 2017 08:12:25 UTC