W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 24 Apr 2018 12:34:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-383913841-1524573282-sysbot+gh@w3.org>
I agree it would be good to clarify this explicitly.


Regarding push notifications: I don't think one app and protocol per RP would be necessary to do that "today" - there just needs to be a way for the browser to locate the smartphone. So it should be possible for Mozilla, for example, to provide a "Firefox Authenticator" phone app that would receive push notifications from Mozilla servers, and allow using the phone as an authenticator with any RP in Firefox. The RP wouldn't know to prompt the user to look at their phone, but the browser could.

It wouldn't be portable between browsers, of course, but I think that kind of thing should be _possible_ to do within the spec as currently written. A standardised protocol to enable this without centralised relay servers would be nice of course, but that's way out of scope for a first version of WebAuthn.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/874#issuecomment-383913841 using your GitHub account
Received on Tuesday, 24 April 2018 12:34:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC