Re: [webauthn] Specify authenticator attachment for authentication operation (#1267)

From: Arshad Noor via GitHub <sysbot+gh@w3.org>
Date: Fri, 09 Aug 2019 20:37:45 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-520055836-1565383064-sysbot+gh@w3.org>

Your situation is not unlike that of most RPs - they ALL have a small number of users who are the outliers to the standard use-case they want to solve in the most perfect manner possible.  But, if every RP takes this approach, there is a non-zero probability that the FIDO ecosystem will miss solving the problem for a significant number of "minority group" users; this is what causes new and promising technologies to fail in the market.  As a technology professional who has been striving for 20 years to make public-key based strong-authentication simpler for end-users, that is unacceptable.

With all due respect to the hard work of all the people and companies in the FIDO ecosystem who are trying to make FIDO2-based authentication ubiquitous, I would encourage all of us to solve the simpler problem - educate the ecosystem and depend on their knowledge and judgement to make the right decisions.  For any RP to make such broad assumptions about what is perfect for their user-community is an evolving illusion that can only lead to failure.  Better to do what is right once and for all, educate EVERYBODY and let them exercise their judgement at each RP site with some standardized messages.  That problem, IMO, is far simpler to address with our collective efforts than to customize every RP website for whatever the RP believes their users want to see.

GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1267#issuecomment-520055836 using your GitHub account
Received on Friday, 9 August 2019 20:37:47 UTC
