Re: [webauthn] TokenBindingId value doesn't permit the U2F "unused" value

Seems reasonable to me. I agree with making it a separate property instead of a magic value.

If we rename the `CollectedClientData` property from `tokenBindingId` to `tokenBinding`, we could call the `TokenBinding` property just `id` instead of `tokenBindingId`.

`status: "present"` seems a bit redundant, since that would be implied if the `tokenBindingId` property exists. So perhaps it could even be reduced to this?

```
dictionary TokenBinding {
  optional boolean supported;
  optional DOMString id;
};
```

Then we would have the cases

- `{ "tokenBinding": { "id": "abcd" } }`: supported and used;
- `{ "tokenBinding": { "supported": true } }`: supported but not used;
- `{}`, `{ "tokenBinding": {} }`, `{ "tokenBinding": { "supported": false } }`: not supported.

But perhaps this makes the logic too convoluted. @kpaulh's proposal does look good to me as is.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/798#issuecomment-365266680 using your GitHub account

Received on Tuesday, 13 February 2018 13:35:16 UTC