W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Supply an “intention" member in PublicKeyCredentialCreationOptions dictionary (#1292)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Sep 2019 00:01:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-531050691-1568332895-sysbot+gh@w3.org>
We've heard from sites that the number of options in WebAuthn is confusing and that they have issues mapping from a user experience that they have in mind, to a concrete set of options.

This issue strikes me as the same thing in reverse: a platform having issues mapping from a set of options to a concrete intent.

While we could add an extra option to make the mapping to the intent explicit, really it should be encoded in the existing options if we nail down the translation. At that point, an extra "intent" option would, at best, be duplicative and could be contradictory, begging the question of what to do when there's a mismatch.

#1300 contains the start of an update to section 1.2 of the spec that seeks (although it is currently incomplete) to provide an explicit mapping from intent to options, and thus also define an implicit mapping in the other direction. I needs a lot more fleshing out, but we're hoping that it could satisfy this need.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1292#issuecomment-531050691 using your GitHub account
Received on Friday, 13 September 2019 00:01:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:07 UTC