W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Allow client to return NotAllowedError early if success is impossible

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Jun 2018 11:34:50 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-398718291-1529494488-sysbot+gh@w3.org>
This is currently written as MAYs so as to be minimally breaking.

An alternative solution to the case where `authenticatorSelection` or `allowCredentials.transports` are incompatible with what the platform supports would be to add a step directly after the origin check where the client MAY return a `ConstraintError` or similar without user consent. That might be a "more" breaking change, though. There might also be implications for privacy considerations, but I think they would be very minor.

If anyone would prefer this alternative solution, please voice your support explicitly.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/962#issuecomment-398718291 using your GitHub account
Received on Wednesday, 20 June 2018 11:34:52 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC