Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.

Have included the suggestions above, save for deleting “removable” from the `usb` transport.

There are two things going on here:

Firstly, we want RPs to be able to show UI based on the transport and know about the transport generally. This is (I believe) the reason that FIDO wedged this information in the attestation certificate for U2F. As part of this, we need an `internal` value to handle (real world) cases like “it's attached via an I²C bus to the application processor”—things that we can't handle today.

Secondly, we want RPs to echo this information back down to the client so that we don't, for example, prompt the user to insert an external device when the RP knows that it's a platform authenticator. We are conflating the transport and the attachment here and another design for this would be to plumb an attachment down when getting an assertion. The reason that we're not is that we suspect that many will not get subtle points, like setting the attachment mode, correct, but they're more likely to be able to copy a value from the registration into each request.

(Maybe we could plumb an explicit attachment up in the registration too for them to copy? I should let Christiaan take this point since he speaks to a lot of potential RPs.)

Anyway, for this second motivation, we want to make `internal` mean that it's a platform authenticator.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/882#issuecomment-385743344 using your GitHub account

Received on Tuesday, 1 May 2018 18:07:15 UTC
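
The copy-the-value-back pattern described in the comment above, as an added example that is not part of the original message or of the WebAuthn specification text: the RP stores the transports reported at registration and echoes them in `allowCredentials`, so a client can tell whether prompting for an external device makes sense. The store, the function names and the sample credential IDs are hypothetical, and the `getTransports()` call mentioned in a comment is from the API as later standardized, not from this thread.

```javascript
// Hypothetical in-memory RP store: userId -> [{ id, transports }]
const credentialStore = new Map();

// Registration: keep the reported transports verbatim next to the credential ID.
// In a browser the list would come from response.getTransports() on the
// AuthenticatorAttestationResponse (assumption: API as later standardized).
function rememberCredential(userId, credentialIdB64url, transports) {
  const list = credentialStore.get(userId) || [];
  list.push({ id: credentialIdB64url, transports: [...transports] });
  credentialStore.set(userId, list);
}

// Assertion request: echo each stored list back, unmodified.
// IDs stay base64url strings here; the page script decodes them to an
// ArrayBuffer before calling navigator.credentials.get().
function buildAllowCredentials(userId) {
  return (credentialStore.get(userId) || []).map((c) => {
    const descriptor = { type: "public-key", id: c.id };
    // Omit the member when nothing was recorded rather than guessing a value.
    if (c.transports.length > 0) descriptor.transports = [...c.transports];
    return descriptor;
  });
}

// Client-side reading of the hint: an external-device prompt is only worth
// showing if some credential is not known to be `internal`-only.
function mayNeedExternalDevice(allowCredentials) {
  return allowCredentials.some(
    (d) => !d.transports || d.transports.some((t) => t !== "internal")
  );
}

// Constructed sample data, for illustration only.
rememberCredential("demo-platform", "cGxhdGZvcm0ta2V5", ["internal"]);
rememberCredential("demo-roaming", "cm9hbWluZy1rZXk", ["usb", "nfc"]);
console.log(mayNeedExternalDevice(buildAllowCredentials("demo-platform"))); // false
console.log(mayNeedExternalDevice(buildAllowCredentials("demo-roaming"))); // true
```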