W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Allow client to return NotAllowedError early if success is impossible

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Jun 2018 11:34:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-398718291-1529494488-sysbot+gh@w3.org>
This is currently written as MAYs so as to be minimally breaking.

An alternative solution to the case where `authenticatorSelection` or `allowCredentials.transports` are incompatible with what the platform supports would be to add a step directly after the origin check where the client MAY return a `ConstraintError` or similar without user consent. That might be a "more" breaking change, though. There might also be implications for privacy considerations, but I think they would be very minor.

If anyone would prefer this alternative solution, please voice your support explicitly.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/962#issuecomment-398718291 using your GitHub account
Received on Wednesday, 20 June 2018 11:34:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC