Re: [webauthn] Browser capability detection. (#1219)

on webauthn call today:
@akshayku's described his use case (a primary one?): user logs in, is shown promo "want to add SK?" but wants to know what the browser supports in order to tailor the promo and not have the user go thru a bunch of the ceremony to then have the ceremony fail.

@leshi relates that in the google security key experience, they learned that users were really confused if they were offered to register a security key in one browser, but not even offered in another browser. the lesson was that it was more clear to users if they go thru part of the ceremony and if the browser does not support it then fail. 

overall situation seems to be:  
@akshayku is trying to work around the situation that different versions of different browsers support none, some, (nearly) all of the webauthn spec.  and then deployers are trying to workaround these browser differences.  observed that even if this PR is landed, it would be hopefully easier to impl than the features themselves, but there of course is the possibility that there'd be browser impl skew for even this feature-discovery facility.







-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1219#issuecomment-503716622 using your GitHub account

Received on Wednesday, 19 June 2019 19:35:11 UTC