Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()

notes from discussion in Sydney regarding this -- I have these four issues to submit on webuthn and CTAP as noted: 

I gave preso on webauthn issue #524 & ctap issue #318
 AIs:                                                       ***!!!
 1. sub issue on CTAP & webauthn clarify authn model that UP, UV are selectable at getAssn() & makeCred() times
 
 2. sub issue on CTAP that getAssn step 4 is unclear wrt what happens if both UP & UV are set
  also wht about default authnr behavior and RPs needing to change code to instruct authnrs?  dirk asserts the default values for up and uv handle that, but this is mmodel change in that what about an RP that is utilizing UAF authnrs with default UV behavior?

 3. submit webauthn issue for Ostensibly, IIUC, one wants/needs to pass authenticatorSelection.uv in the #getAssertion call, but authenticatorSelection is part of MakePublicKeyCredentialOptions, which is not passed at all to #getAssertion.
 
 4. submit webauthn issue for CTAP expects up (user presence test) and uv to be passed to authenticatorGetAssertion, but there is no presently specified means for that to be done in #getAssertion. This was apparently an omission in PR #460 that we missed in review.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/524#issuecomment-335933837 using your GitHub account

Received on Wednesday, 11 October 2017 20:13:22 UTC