
Re: [webauthn] CTAP/U2F doesn't status indicating the user cancelled the operation

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 31 Oct 2017 18:45:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-340868165-1509475509-sysbot+gh@w3.org>

The webauthn spec steps cited in the original post (OP) (https://github.com/w3c/webauthn/issues/658#issue-267072876) address the case where a (presumably platform) authenticator _MAY_ return some form of "user cancelled the entire operation" indication.

Since our "authenticator model" is so far "loosely defined"--such that it can accommodate both CTAP-speaking authenticators and platforms' authnr APIs--the cited step in the OP seems reasonable to me as presently written. 

If the [CTAP2 error response](https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#error-responses) value of CTAP2_ERR_KEEPALIVE_CANCEL is actually intended to convey that the user somehow signaled _to the authnr_ that they wish to cancel the entire operation (i.e., either registration or authn), then we _could_ add the possibility of explicitly receiving that CTAP2 error response value to the cited alg step.

However, I note that the CTAP2_ERR_KEEPALIVE_CANCEL error response value is not actually explicitly employed or otherwise documented in the CTAP spec at this time. Thus I am inclined to leave the cited alg step as-is, and only perhaps add a Note: explaining the steps' purpose.



-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/658#issuecomment-340868165 using your GitHub account
Received on Tuesday, 31 October 2017 18:45:12 UTC
