W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] remove "required" on ScopedCredentialDescriptor.id

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 May 2017 01:47:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-302277978-1495072077-sysbot+gh@w3.org>
Making `id` optional for future expandability seems reasonable.

I think the language updates around usage are already handled. For example, using a credential right now says (emphasis mine):

> This optional member contains a list of PublicKeyCredentialDescriptor object representing public key credentials **acceptable to the caller, in decending order of the caller’s preference** (the first item in the list is the most preferred credential, and so on down the line).

(ExcludeList looks fine as it's written now, too)

So I'd support a PR that marks `PublicKeyCredentialDescriptor.id` optional. I could go either way about adding the note to PublicKeyCredentialType to the effect that `PublicKeyCredentialDescriptor.id` is mandatory for `"public-key"` types, because I feel like it's self-evident when you have a key handle.


-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/245#issuecomment-302277978 using your GitHub account
Received on Thursday, 18 May 2017 01:48:05 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC