Re: [webauthn] Adding a choice for RP to express preferences for attestation types from Adam Langley via GitHub on 2017-11-16 (public-webauthn@w3.org from November 2017)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 16 Nov 2017 20:28:12 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-345052493-1510864090-sysbot+gh@w3.org>

My apologies for being absent here: I was on vacation until yesterday.

> @nadalin We are waiting for @balfanz / @christiaanbrand to respond/address our concerns about scary UI and alternate name suggestions.

Addressing the names question. The current enum values in the PR are "none", "verifiable", and "direct". You [suggest](https://github.com/w3c/webauthn/pull/636#issuecomment-344012525) "none", "indirect" / "proxy", and "direct". I think we can easily change the middle value to "indirect".

R.e. UI, I agree [with J.C.](https://github.com/w3c/webauthn/pull/636#discussion_r151280967) that mandating consent is premature here. We determine security UI based on studies and metrics and I wouldn't want to prejudge that.

I will see whether Dirk agrees and, if so, work with him to update the PR.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/636#issuecomment-345052493 using your GitHub account

Received on Thursday, 16 November 2017 20:28:19 UTC