- From: robbieS via GitHub <sysbot+gh@w3.org>
- Date: Sat, 16 Nov 2019 17:58:08 +0000
- To: public-webauthn@w3.org
diff --git a/index.bs b/index.bs
index a36b66cf..55a2162e 100644
--- a/index.bs
+++ b/index.bs
@@ -3453,6 +3453,15 @@ When this operation is invoked, the [=authenticator=] MUST perform the following
:: return an error code equivalent to "{{NotAllowedError}}" and terminate the operation.
</dl>
+ Note: The purpose of this [=authorization gesture=] is not to proceed with creating a credential,
+ but for privacy reasons to authorize disclosure of the fact that
+ <code>|descriptor|.{{PublicKeyCredentialDescriptor/id}}</code> is [=bound credential|bound=] to this [=authenticator=].
+ If the user consents, the [=client=] and [=[RP]=] can detect this and guide the user to use a different [=authenticator=].
+ If the user does not consent,
+ the [=authenticator=] does not reveal that <code>|descriptor|.{{PublicKeyCredentialDescriptor/id}}</code>
+ is [=bound credential|bound=] to it,
+ and responds as if the user simply declined consent to create a credential.
+
1. If |requireResidentKey| is [TRUE] and the authenticator cannot store a [=client-side-resident public key credential source=],
return an error code equivalent to "{{ConstraintError}}" and terminate the operation.
1. If |requireUserVerification| is [TRUE] and the authenticator cannot perform [=user verification=], return an error code
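Review bot: In the added Note, "If the user consents, the [=client=] and [=[RP]=] can detect this" does not say how they detect it; the only outcome visible in the surrounding context is the "{{NotAllowedError}}" return on the line before the closing </dl>. Suggest naming the error code each branch returns (consent and no consent), so the reader can see which result discloses that the credential is bound and which one is indistinguishable from a declined creation. A wording point on the first sentence: "is not to proceed with creating a credential, but for privacy reasons to authorize disclosure" reads more clearly as "is not to proceed with creating a credential, but to authorize, for privacy reasons, disclosure of the fact that ...". Since the Note sits between the closing </dl> and the next "1." step, also check that its indentation keeps it attached to the preceding step so the numbered list is not interrupted.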
--
GitHub Notification of comment by Robbiesmo
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1326#issuecomment-554659735 using your GitHub account
Received on Saturday, 16 November 2019 17:58:10 UTC