- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Thu, 14 Mar 2019 12:21:12 +0000
- To: public-webauthn@w3.org
>Other credential properties MAY be returned in this extension.
I'm positive to this idea, but I think we'd better try to make sure that nonstandard property additions don't collide with any standard properties added in the future. I see a few obvious ways to do this:
1. Require that any new property names are added to the [WebAuthn registry][reg].
2. Require that any nonstandard property names begin with `x-`, or similar, as is done in many other standards like HTTP headers.
3. Add a second optional property containing an unspecified dictionary, something like:
```
partial dictionary CredentialPropertiesOutput {
boolean rk;
dictionary ext;
};
```
where anything may be added in the `ext` dictionary. I'm not completely sure WebIDL allows this, though.
Alternatively we can just forbid nonstandard properties instead. What do others think?
[reg]: https://tools.ietf.org/html/draft-hodges-webauthn-registries-02
--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/991#issuecomment-472829869 using your GitHub account
Received on Thursday, 14 March 2019 12:21:15 UTC