[webauthn] What does "the extension was acted upon" mean for the AppID extension? from Emil Lundberg via GitHub on 2018-07-03 (public-webauthn@w3.org from July 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 03 Jul 2018 10:02:04 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-337829179-1530612122-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== What does "the extension was acted upon" mean for the AppID extension? ==
[§10.1. FIDO AppID Extension (appid)][appid] reads:

>**Client extension output**
>Returns the value `true` to indicate to the RP that the extension was acted upon.

What exactly does "the extension was acted upon" mean? I see at least two ways to interpret this:

1. The output is `true` if and only if the extension was processed - regardless of which of the RP ID and AppID were ultimately used.
2. The output is `true` if and only if the extension was processed AND the AppID was used instead of the RP ID.

I think a strict technical reading would conclude (1), but I think that most readers would expect (2). For example, the suggestion "10.1. FIDO AppID Extension (appid)" in #980 seems to be based on interpretation (2).

[appid]: https://w3c.github.io/webauthn/#sctn-appid-extension

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/982 using your GitHub account

Received on Tuesday, 3 July 2018 10:02:08 UTC