W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2019

[webauthn] Consistency between scenario "Registration specifically with UVPA" and former removal of confirmation prompt (#1178)

From: SphinxKnight via GitHub <sysbot+gh@w3.org>
Date: Sun, 10 Mar 2019 18:06:54 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-419214221-1552241212-sysbot+gh@w3.org>
SphinxKnight has just created a new issue for https://github.com/w3c/webauthn:

== Consistency between scenario "Registration specifically with UVPA" and former removal of confirmation prompt ==
_Warning: real newbie (and non native English writer) issue here, which I think is just a copy-edit issue. Please close this if necessary. I did not find any duplicate issue about that but correct me if needed._

While documenting the [`isUVPAA()`](https://w3c.github.io/webauthn/#dom-publickeycredential-isuserverifyingplatformauthenticatoravailable) method for [MDN](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential/isUserVerifyingPlatformAuthenticatorAvailable), I stumbled across [the corresponding scenario](https://w3c.github.io/webauthn/#sample-registration-with-platform-authenticator).

In this [scenario](https://w3c.github.io/webauthn/#sample-registration-with-platform-authenticator):
* step 4 and 5 describe user involvment and consent
* in the example, the identifier `userIntent` is used
This led me to believe that there was indeed the need for user consent during the client-platform process. After reading through some articles reinforcing this idea, I found out https://github.com/w3c/webauthn/pull/904#pullrequestreview-119818144 and https://github.com/w3c/webauthn/commit/ad22fce9fbe6685490dd767bb52445e600c9af88 which removed such idea of any user consent. Therefore, the content of the scenario may not properly be consistent with the rest of the specification and especially with the description of `isUVPAA()`.

I think the corresponding fix could be:
* rewording steps 4 and 5 (maybe merge them into a single step)
* reword the `userIntent` variable in the code example
* reword the comment stating "If the user has affirmed willingness..." in the code example.



Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1178 using your GitHub account
Received on Sunday, 10 March 2019 18:06:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC