- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 Apr 2019 12:24:46 +0000
- To: public-webauthn@w3.org
I am also thinking more about this recently although my case is slightly broader. Our MSA adoption has similar difficulties figuring out what is supported in which platform/browser combination. Not all browsers are writing code at same pace even if they agree to adopt the full spec. And every time a platform/browser comes into supporting something, asking RPs to update their logic for that combination is not sustainable. For example, certain browser may never support external authenticators. Another example, in one case, there are resource constraints somewhere in implementing the spec. Right now there is no way to know that. This is leading into unpleasant experience of the users and has really greater negative impact on RPs adoption. One case specific to extension is credProtect extension that we came up recently. If a browser don't support it, as an RP, he may not want to provide certain scenarios. I am thinking of clientGetInfo similar to authenticatorGetInfo where one can tell what it supports. We would really want to write RP code getting capabilities from the browser instead of figuring out which combination(detection of that is very fragile) works. We want to write RP code one time and not update it every time some platform/browser combination becomes available. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1199#issuecomment-484878556 using your GitHub account
Received on Friday, 19 April 2019 12:24:49 UTC