- From: David Waite via GitHub <sysbot+gh@w3.org>
- Date: Fri, 02 Jul 2021 05:44:33 +0000
- To: public-webauthn@w3.org
@bathos some of inconsistencies are from the transactional nature of the commands and that there is no guarantee that the 'visible' set of authenticators/keys will be there in-between calls. For example, attempting to update the username associated with a credential or delete a credential might involve a NFC key which the user does not have with them at the moment, or even that they may be on a machine without NFC capabilities. The UX impact of this is brought forth even more due to non-discoverable credentials not existing in an enumerable fashion outside a list of supplied credential handles, and that allowing RP enumeration of the list of available discoverable and non-discoverable credentials is a privacy risk in general. My expectation personally is that we see WebAuthn evolve to indicate broader actions, and to have the client (browser/platform) taking on more responsibility to mediate RP requests - the client has persistent state across all RPs and hardware/platform access to communicate with authenticators. -- GitHub Notification of comment by dwaite Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1456#issuecomment-872733241 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 2 July 2021 05:44:35 UTC