W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Oct 2017 19:57:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337018580-1508183873-sysbot+gh@w3.org>
@emlun 
> Isn't this part solved by authenticator extensions?

It *could* (technically) be solved using an extension, if said extension was uniformly employed for authenticator/authnrFeature selection. However, as noted in https://github.com/w3c/webauthn/issues/524#issue-248868185, we are adding (in an essentially ad-hoc fashion) parameters to the [#createCredential](https://w3c.github.io/webauthn/#createCredential) (aka `[[Create]]`) method.  Also, arguments are being made (issue #629) to add similar parameters to the [#getAssertion](file:///Users/jehodges/documents/work/standards/W3C/webauthn/index-jeffh-fixup-algs-contd-3-7b272f1.html#getAssertion) (aka `[[DiscoverFromExternalSource]]`) method.

Also, various parties have stated on the record that they will not honor or pass-through extensions (for at least the time being), so relying on extensions for what some may regard as critical features is suboptimal. 

What this issue is arguing for is having a more carefully-designed, extensible, authenticator and authenticator feature selection mechanism.  This will perhaps become more important as folks gain experience and feel they need to add to the present set of selectable-via-webauthn-api authenticator features. 


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/524#issuecomment-337018580 using your GitHub account
Received on Monday, 16 October 2017 19:58:04 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC