Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294)

For the non-web use case, it may be useful to define it at the protocol level but it doesn't make sense to standardize it at the web API level. For the purpose of web-facing APIs, the compat story should be that any token that reports "lightning" should be coalesced with USB.

For the WebKit client use case, our hope is to allow access at least as permissive as what clients can do with MFI, since we won't prevent any auth token phishing by making clients do the feature themselves. We cannot yet give a commitment or a timetable, so we could return to this question at that time. But in the meantime, the presence of the "lightning" value in the spec creates confusion.

-- 
GitHub Notification of comment by othermaciej
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-574996511 using your GitHub account

Received on Thursday, 16 January 2020 05:57:22 UTC