Re: [webauthn] Allow hot-plugged authenticators?

yeah, this seems to be a good point.  

@jcjones 
> Right now our WebAuthn implementation allows hotplugging...

perhaps we ought to use your impl to inform the webauthn spec?  

i wonder if we can handwave in the webauthn spec algorithms that authnrs may appear or disappear during the process ?  

I wonder how one might use webIDL+HTML+infra+etal specs to model something where there is an OnAuthnrBecomesAvailable handler that can add to the available set of authnrs up to the time that one of the authnrs declares success (and vice versa, have a OnAuthnrIsRemoved handler) ?

I wonder whether we actually need to "code" these details in the spec or whether we can use "Note:"s to outline such nuances?  E.g.:

> The set of `currentlyAvailableAuthenticators` may dynamically change during this process and implementations should handle this in order to make the user experience more seamless. E.g., an NFC-connected roaming authenticator will not become "available" until the user physically taps it to their webauthn-enabled device...

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/613#issuecomment-336266380 using your GitHub account

Received on Thursday, 12 October 2017 21:02:15 UTC