Re: [webauthn] Supply an “intention" member in PublicKeyCredentialCreationOptions dictionary (#1292)

We've heard from sites that the number of options in WebAuthn is confusing and that they have issues mapping from a user experience that they have in mind, to a concrete set of options.

This issue strikes me as the same thing in reverse: a platform having issues mapping from a set of options to a concrete intent.

While we could add an extra option to make the mapping to the intent explicit, really it should be encoded in the existing options if we nail down the translation. At that point, an extra "intent" option would, at best, be duplicative and could be contradictory, begging the question of what to do when there's a mismatch.

#1300 contains the start of an update to section 1.2 of the spec that seeks (although it is currently incomplete) to provide an explicit mapping from intent to options, and thus also define an implicit mapping in the other direction. I needs a lot more fleshing out, but we're hoping that it could satisfy this need.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292#issuecomment-531050691 using your GitHub account

Received on Friday, 13 September 2019 00:01:37 UTC