W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] appid extension: value when not acted upon?

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 20 Jun 2018 21:37:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-398905762-1529530657-sysbot+gh@w3.org>
>  I believe that the spec is already clear that if the extension was ignored, no value is to be returned. 

hm, might u please be able to point to where in the spec we explicitly say that?  I'm not finding it, and if it's presently only implicit (as it seems to be per @apowers313 orig post), am thinking we ought to make it explicit. Something like saying:

OLD:
> Likewise, any authenticator extension that does not otherwise require any result values MUST return a value and SHOULD return a CBOR Boolean authenticator extension output result, set to `true` to signify that the extension was understood and processed.

NEW:
> Likewise, any authenticator extension that does not otherwise require any result values MUST return a value and SHOULD return a CBOR Boolean authenticator extension output result, set to `true` to signify that the extension was understood and processed. Finally, there MUST NOT be any values returned for ignored extensions.

Also, I'm assuming that for an extension that is "[supported but not acted upon](https://github.com/w3c/webauthn/issues/948#issue-331849551)" equals "ignored", as well as "unsupported" also equaling "ignored".

WDYT?


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/948#issuecomment-398905762 using your GitHub account
Received on Wednesday, 20 June 2018 21:37:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC