- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 23 Apr 2018 14:09:45 +0000
- To: public-webauthn@w3.org
For the record, I think that consistency with CTAP2 isn't really necessary in this case. CTAP2 specifies a 1-to-1 client-to-authenticator interaction while WebAuthn specifies a 1-to-many client-to-authenticator interaction, so I think it makes sense to handle the case differently on the two levels. >I wonder whether the browser folk are reticent to directly provide UX of this sort because of the desires for RPs to have fine-grained control over such UX [...] Good point. My concern with the solution proposed here is how it would interact with combinations of multiple authenticators. Multiple blinking USB dongles is one thing, and likely a minority use case, that might be a little annoying but probably quite harmless - but what about platform authenticators? If this would mean that USB dongles would light up _and_ an OS popup would appear on every authentication even if the platform authenticator isn't eligible, I suspect that might be more disorienting than helpful. All of this is speculation, though - I'd be happy to re-evaluate my position if there are any user studies (of any size) on this. And then again there's the UX customization issue which could hurt adoption. I don't really feel qualified to tell which is the lesser evil... -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/863#issuecomment-383588683 using your GitHub account
Received on Monday, 23 April 2018 14:09:52 UTC