- From: =JeffH <Jeff.Hodges@KingsMountain.com>
- Date: Wed, 26 Apr 2017 09:12:16 -0700
- To: Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>
- Cc: W3C Web Authn WG <public-webauthn@w3.org>
The webauthn F2F Feb-2017 minutes, in section <https://www.w3.org/2017/02/13-webauthn-minutes.html#item05> say in part: [...] [reference back to transparency...] rolf: we sgreed before that we'd pass things though by default everyone: NO. [...] "everyone" in the above excerpt should be changed to "browser vendors". background: PayPal, NNL, Intuit, Yubico had just argued for extension implementation and data pass-thru between authnrs and RPs. See discussion in the above-cited section of the minutes. See also the clarifying note I added to the end of the minutes <https://www.w3.org/2017/02/13-webauthn-minutes.html#item06>: <jeffh> all: long discussion (yet again) wrt extensions and whether they are honored/supported/passed-thru by browsers. result for now is keep extns in spec as-is, ensure the "they are optional" language is there, and also language that the browser can drop unprompted extension emitted by authnr. note: there is non-trivial pushback in room wrt this -- some (RPs, authnr vendors) want browsers to (best case) agree to a list of extensions that are supported. --- end
Received on Wednesday, 26 April 2017 16:12:55 UTC