Re: [webauthn] Add explanatory note to step 3 in authenticatorMakeCredential (#1326)

From: robbieS via GitHub <sysbot+gh@w3.org>
Date: Sat, 16 Nov 2019 17:58:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-554659735-1573927086-sysbot+gh@w3.org>
diff --git a/index.bs b/index.bs
index a36b66cf..55a2162e 100644
--- a/index.bs
+++ b/index.bs
@@ -3453,6 +3453,15 @@ When this operation is invoked, the [=authenticator=] MUST perform the following
             ::  return an error code equivalent to "{{NotAllowedError}}" and terminate the operation.
         </dl>
 
+        Note: The purpose of this [=authorization gesture=] is not to proceed with creating a credential,
+        but for privacy reasons to authorize disclosure of the fact that
+        <code>|descriptor|.{{PublicKeyCredentialDescriptor/id}}</code> is [=bound credential|bound=] to this [=authenticator=].
+        If the user consents, the [=client=] and [=[RP]=] can detect this and guide the user to use a different [=authenticator=].
+        If the user does not consent,
+        the [=authenticator=] does not reveal that <code>|descriptor|.{{PublicKeyCredentialDescriptor/id}}</code>
+        is [=bound credential|bound=] to it,
+        and responds as if the user simply declined consent to create a credential.
+
 1. If |requireResidentKey| is [TRUE] and the authenticator cannot store a [=client-side-resident public key credential source=],
     return an error code equivalent to "{{ConstraintError}}" and terminate the operation.
 1. If |requireUserVerification| is [TRUE] and the authenticator cannot perform [=user verification=], return an error code
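
Review bot: In the added Note, the sentence "If the user consents, the [=client=] and [=[RP]=] can detect this" leaves both the antecedent of "this" and the detection signal unstated. The branch just above the Note names its result explicitly ("{{NotAllowedError}}"), so the Note should do the same: say that what is detected is that <code>|descriptor|.{{PublicKeyCredentialDescriptor/id}}</code> is already bound to this authenticator, and name the error code returned in the consent case, so a reader can see how the two outcomes differ on the wire. The privacy property rests on the last sentence ("responds as if the user simply declined consent to create a credential"); tying it to the same "{{NotAllowedError}}" result would make clear that the non-consent response is meant to be indistinguishable from an ordinary decline. Minor wording: the opening "is not to proceed with creating a credential, but for privacy reasons to authorize disclosure" is not parallel; "is not to authorize creating a credential but, for privacy reasons, to authorize disclosure of the fact that ..." reads more cleanly.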

-- 
GitHub Notification of comment by Robbiesmo
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1326#issuecomment-554659735 using your GitHub account
Received on Saturday, 16 November 2019 17:58:10 UTC