- From: Nina Satragno via GitHub <sysbot+gh@w3.org>
- Date: Wed, 10 Jul 2019 19:28:53 +0000
- To: public-webauthn@w3.org
> I presume the user agent would have an authenticator now that could respond to a makeCredential. But will it? Does it need to be selective in some way about its virtual attachment? It's possible to control if the authenticator responds to a makeCredential request with `isUserPresent` - the authenticator "simulates" a test of user presence and that flag indicates whether it passes (say, pretending a user tapped a security key) or fails. There is another layer to selectivity which is WebDriver constrains the actions to the current [session](https://w3c.github.io/webdriver/#sessions), a particular instantiation of a user agent. > What happens if I do Add Virtual Authenticator twice? Presumably the same thing that would happen if you had two real authenticators plugged in your machine. If both match the `authenticatorSelectionCriteria` and both have the `isUserPresent` bit set to `true`, it would probably be acceptable to have a race between them. We could also specify more strict behaviour (e.g. the last authenticator added resolves the request). I avoided doing this because in general I don't think it's a useful case to test. > I'm guessing that someone would implement this as a soft-HID device, maybe, that listened for these commands? Or does the user agent need to do that? WebDriver extensions are implemented by user agents, so the user agent has to provide this virtual authenticator. This is similar to how the [Generic Sensor API](https://www.w3.org/TR/generic-sensor/#automation) provides automation capabilities for testing. -- GitHub Notification of comment by nsatragno Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1256#issuecomment-510196226 using your GitHub account
Received on Wednesday, 10 July 2019 19:28:56 UTC