- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Aug 2017 22:44:20 +0000
- To: public-webauthn@w3.org
equalsJeffH has just created a new issue for https://github.com/w3c/webauthn: == Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential() == In reviewing the present state of [webauthn](http://w3c.github.io/webauthn/) in the context of reviewing some CTAP changes, I (finally, sigh) noticed that we are passing `options.authenticatorSelection.rk` and `options.authenticatorSelection.uv` to authenticatorMakeCredential(). This is unnecessary [IIUC](http://onlineslangdictionary.com/meaning-definition-of/iiuc). Note that `options.authenticatorSelection` members are used in step 21 of [#createCredential](http://w3c.github.io/webauthn/#createCredential) in order to select authenticators having the desired characteristics. It is subsequently not necessary to inform these authnrs to behave in a certain way, because they only behave in whatever their stated behavior fashion is (and as is reported in some platform-specific manner to the webauthn client). For example, this is how UAF authenticators behave (and essentially how authnr selection in UAF works). _Unless_ the authnr model postulated by webauthn is different from U2F and UAF in that authnrs may alter their key storage and user verification behavior on a per-requested credential basis? (I am hoping not). If the answer to the above question is "authnr model not different from U2F & UAF in these aspects", then the resoluition of this issue is to craft a PR which obviates passing `options.authenticatorSelection.rk` and `options.authenticatorSelection.uv` to authenticatorMakeCredential(). Note that a similar PR will need to be crafted for the CTAP spec. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/524 using your GitHub account
Received on Tuesday, 8 August 2017 22:44:21 UTC