Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294)

I will leave it to brave and other browsers to comment on if WKWebView would work for them.
That would, however, cover most of the other use-cases other than iOS backwards compatibility.

I would be OK with taking it out of WebAuthn and keeping it in CTAP for the SDK use case but the transport hints in CTAP are referenced from WebAuthn.

WebAuthn now has RP accepting unknown values and platforms ignoring unknown values, rather than throwing errors.  The existing keys are going to continue to include the lighting string in transports.  The spec should allow that not to be an error.  

I guess we could add a note to CTAP 2.1 that the lightning transport string is not in the WebAuthn AuthenticatorTransport but SDK may use the transport string lightning to indicate that a credential may be available  via "CTAP_over_MFi"

We can remove the hint from MFi certified keys going forward if Google and others aren't going to use it, but we would like to avoid the existing lightning keys with the transports hint causing platforms to throw errors and break.



-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-572809405 using your GitHub account

Received on Thursday, 9 January 2020 23:49:07 UTC