[webauthn] Supply an "intention" member in PublicKeyCredentialCreationOptions dictionary (#1292)

alanwaketan has just created a new issue for https://github.com/w3c/webauthn:

== Supply an "intention" member in PublicKeyCredentialCreationOptions dictionary ==
a) Proposed changes to the spec:

```
dictionary PublicKeyCredentialCreationOptions {
    …
    CredentialCreationIntention intention;
};
```

**intention, of type CredentialCreationIntention**
    This OPTIONAL member contains the purpose of the relying party to create the public key credential. This allows the user agent to better describe the intention in its own UI.

```
enum CredentialCreationIntention {
    "sole-first-factor",
    "alternative-first-factor",
    "second-factor"
};
```

A public key credential created by this API can be used for various different purposes. This enumeration defines intentions as to how the about-to-create credential will be used.

**_sole-first-factor_**
    Indicates the intention is to use the public key credential as the only factor for authentication. If a password is used previously, this indicates the about-to-create credential will replace that password.
**_alternative-first-factor_**
    Indicates the intention is to use the public key credential as an alternative method for authentication. If a password is used previously, this indicates that either the password or the about-to-create credential could be used for any given authentication.
**_second-factor_**
    Indicates the intention is to use the public key credential as a second factor together with other factors for authentication. If a password is used previously, this indicates the about-to-create credential will be used together with that password.

b) Reasons:

The "intention" member is to describe the purpose of the relying party to create the public key credential, for example, a password alternative, a password replacement or a second factor. Such a string is useful for user agents that provide a dedicated UI for instructing users to use WebAuthn, so that user agents can provide more context to their users of what this operation is intended to do instead of providing a generic string. For example, instead of "Use your security key with example.com", user agents now could suggest "Do you want to _create a second factor_ using your security key with example.com?". From the user perspective, users can now reason about what the user agent asks for instead of guessing. Even though relying parties could have already explained the intention to users before calling the WebAuthn API, it is still very useful to channel this intention all the way to the screen where users are actually taking the final action.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292 using your GitHub account
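The following is an added example, not code from the issue, the WebAuthn specification or any user agent. It shows how a relying party would populate the proposed `intention` member alongside the existing PublicKeyCredentialCreationOptions fields, and how a user agent could map the three proposed enum values to the context-specific prompt the issue argues for, falling back to the generic string when the member is absent. The `intention` member and `CredentialCreationIntention` values are the issue's proposal, not a shipped API; `rp`, `user`, `challenge` and `pubKeyCredParams` are real spec members, and the byte values used for them are constructed sample data.

```javascript
// Added example: the "intention" member and CredentialCreationIntention
// values are the PROPOSAL in w3c/webauthn#1292, not part of the shipped spec.
// All other members follow the current PublicKeyCredentialCreationOptions.

const CREDENTIAL_CREATION_INTENTIONS = Object.freeze([
  "sole-first-factor",
  "alternative-first-factor",
  "second-factor",
]);

// Relying-party side: build the options passed as navigator.credentials.create({ publicKey }).
// Rejecting an unknown value here mirrors what the WebIDL binding would do for an
// enum-typed member (a TypeError before the request reaches the authenticator).
function buildCreationOptions(intention) {
  if (intention !== undefined && !CREDENTIAL_CREATION_INTENTIONS.includes(intention)) {
    throw new TypeError(`unknown CredentialCreationIntention: ${intention}`);
  }
  const options = {
    rp: { id: "example.com", name: "Example" },
    // Constructed sample user handle; a real RP uses an opaque per-account id.
    user: { id: new Uint8Array([1, 2, 3, 4]), name: "alice@example.com", displayName: "Alice" },
    // Constructed placeholder; a real challenge is fresh server-generated randomness.
    challenge: new Uint8Array(32),
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
  };
  // OPTIONAL member per the proposal: omit it entirely rather than sending undefined.
  if (intention !== undefined) {
    options.intention = intention;
  }
  return options;
}

// User-agent side: the prompt wording the issue proposes for each intention,
// with the current generic wording as the fallback when the member is absent.
function promptText(options) {
  const rpId = options.rp.id;
  switch (options.intention) {
    case "sole-first-factor":
      return `Do you want to create a password replacement using your security key with ${rpId}?`;
    case "alternative-first-factor":
      return `Do you want to create a password alternative using your security key with ${rpId}?`;
    case "second-factor":
      return `Do you want to create a second factor using your security key with ${rpId}?`;
    default:
      return `Use your security key with ${rpId}`;
  }
}

// Usage in a page (not executed here):
//   const cred = await navigator.credentials.create({ publicKey: buildCreationOptions("second-factor") });
```

The mapping in `promptText` is the one the issue itself gives: `sole-first-factor` replaces a password, `alternative-first-factor` sits beside one, and `second-factor` is used together with one. Because the member is optional, the user agent must keep the generic string for relying parties that never send it.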

Received on Wednesday, 4 September 2019 20:04:26 UTC