- From: balfanz via GitHub <sysbot+gh@w3.org>
- Date: Mon, 18 Sep 2017 21:32:34 +0000
- To: public-webauthn@w3.org
Hi Angelo, thanks for pointing to the meeting notes again. :-) I'll highlight the relevant passages: > Dirk: the browser should take care of the complexity. Another point is that we shouldn't have to worry about making a distinction between server and the frontend JS > ... > Richard: [...] I and Dirk will look at it and see if we can make it better If you recall, my point there (which, IIRC, was met with no objections in the room) was that we don't know where and how the public key will be consumed - server side, client side, what programming language the server will be written in (the server may very well be written in JS), how they split up the work, etc. So if you have an RP that doesn't care about the various attestation formats, the best/most consistent/most neutral thing for a Web API to do is to return the newly-generated public key in a web-friendly format, i.e., as a JWK. Richard, who was of the same opinion, said that he and I would make a PR that added the public key. Now, it's on him and me that hasn't happened yet, but I wanted to at least file the issue to remind ourselves that this is outstanding work- not to relitigate the underlying question. -- GitHub Notification of comment by balfanz Please view or discuss this issue at https://github.com/w3c/webauthn/issues/557#issuecomment-330362692 using your GitHub account
Received on Monday, 18 September 2017 21:32:26 UTC