W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2021

Re: [webauthn] Cleanup when creating discoverable credentials with attestations (#1560)

From: Arshad Noor via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 Feb 2021 19:47:14 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-773560973-1612468034-sysbot+gh@w3.org>
While the UX is definitely important, David, the W3C group may choose not to prioritize it since it does require new APIs to be defined to interact with the Authenticator - which is in the CTAP domain and outside the scope of the WebAuthn group. Given that CTAP also supports non-browser interactions with the Authenticator (for Windows Login, managing HMAC keys that aren't used by WebAuthn), there is likely to be broader interest for such an SPI at the FIDO Alliance. 

However, once such an SPI is defined, there is no reason to believe that the WebAuthn group might not standardize a subset of that SPI in JavaScript APIs to support the same functions. It would benefit the ecosystem to have the Authenticator manufacturers create the SPI to support all necessary functions for Authenticator Key Management, while allowing the W3C and/or others to standardize the UX for browsers and elsewhere.

GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1560#issuecomment-773560973 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 4 February 2021 19:47:16 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:42 UTC