- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 31 Oct 2017 18:45:10 +0000
- To: public-webauthn@w3.org
the webauthn spec steps cited in the original post (OP) (https://github.com/w3c/webauthn/issues/658#issue-267072876) address the case where a (presumably platform) authenticator _MAY_ return some form of "user cancelled the entire operation" indication. Since our "authenticator model" is so far "loosely defined"--such that it can accommodate both CTAP-speaking authenticators and platforms' authnr APIs--the cited step in the OP seems reasonable to me as presently written. If the [CTAP2 error response](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#error-responses) value of CTAP2_ERR_KEEPALIVE_CANCEL is actually intended to convey that the user somehow signaled _to the authnr_ that they wish to cancel the entire operation (i.e., either registration or authn), then we _could_ add the possibility of explicitly receiving that CTAP2 error response value to the cited alg step. However, I note that the CTAP2_ERR_KEEPALIVE_CANCEL error response value is not actually expliclity employed or otherwise documented in the CTAP spec at this time. Thus I am inclined to leave the cited alg step as-is, and only perhaps add a Note: explaining the steps' purpose. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/658#issuecomment-340868165 using your GitHub account
Received on Tuesday, 31 October 2017 18:45:12 UTC