Review PR 378: from Angelo Liao on 2017-04-25 (public-webauthn@w3.org from April 2017)

From: Angelo Liao <huliao@microsoft.com>
Date: Tue, 25 Apr 2017 23:13:58 +0000
To: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <BN6PR03MB27692E815C60233B036D8D30D71E0@BN6PR03MB2769.namprd03.prod.outlook.com>

Hi Everyone,

I am sending a mail to remind everyone to review PR 378: Enable RP to choose authenticators based on key storage capability. <https://github.com/w3c/webauthn/pull/378> Thanks to Jeff and Vijay for reviewing the PR. My view on the PR is that the PR is really not about authenticator selection but rather a bug fix on the original API interface. Without the PR, developers who want to use "get" with only challenge would find the failure cases a lot of times.

I am perfectly happy with additional discussions about adding a framework for authenticator selection to aid user experience. But I don't think adding the framework is that closely related to this PR because this PR is to ensure developers can get users logged in smoothly based on their intent when they created the credential. That's also why the Edge team wants to ensure the PR is added. Web developers we talked to have said they cannot log users in (aka use the method "get") without having this parameter.

Angelo

Received on Tuesday, 25 April 2017 23:14:36 UTC