W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] include public key in result from create()

From: balfanz via GitHub <sysbot+gh@w3.org>
Date: Mon, 18 Sep 2017 21:32:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-330362692-1505770343-sysbot+gh@w3.org>
Hi Angelo, 

thanks for pointing to the meeting notes again. :-) I'll highlight the relevant passages:

> Dirk: the browser should take care of the complexity. Another point is that we shouldn't have to worry about making a distinction between server and the frontend JS
> ...
> Richard: [...] I and Dirk will look at it and see if we can make it better

If you recall, my point there (which, IIRC, was met with no objections in the room) was that we don't know where and how the public key will be consumed - server side, client side, what programming language the server will be written in (the server may very well be written in JS), how they split up the work, etc. 

So if you have an RP that doesn't care about the various attestation formats, the best/most consistent/most neutral thing for a Web API to do is to return the newly-generated public key in a web-friendly format, i.e., as a JWK.

Richard, who was of the same opinion, said that he and I would make a PR that added the public key. Now, it's on him and me that hasn't happened yet, but I wanted to at least file the issue to remind ourselves that this is outstanding work- not to relitigate the underlying question.

GitHub Notification of comment by balfanz
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/557#issuecomment-330362692 using your GitHub account
Received on Monday, 18 September 2017 21:32:26 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC