Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()

Some comments:
a) We should define whether up is expected to be set (or ignored) when uv is set. The flags "up" and "uv" are not fully orthogonal; it is more like an enumeration with 3 values: nothing=0, up=1, uv=2. We also should be clear whether a bit should be (1) used by the platform to select an authenticator or (2) by an authenticator to influence its behavior.
b) This bit-fiddling stuff limits extensibility and makes it more difficult to understand - especially once we have the need to add more things which are hard to represent as a set of bit flags (like enumerations).
c) The UVM approach is much cleaner. We are adding more complication by modeling some things through a bit field and others through CBOR - especially when those things are closely related.
d) We are on the way to adding more capabilities for authenticatorSelection and are now starting to add things for authenticatorInfluencing. It will likely make things easier to understand for platform and authenticator developers if we distinguish authenticatorSelection (by the platform) and authenticatorInfluencing in the parameters and support more generic concepts of encoding individual fields (than just another set of bits).

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/524#issuecomment-328840779 using your GitHub account

Received on Tuesday, 12 September 2017 12:42:33 UTC