W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2021

Re: [webauthn] Remove unimplemented extensions (#1386)

From: Jan S. via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Jul 2021 13:34:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-879897018-1626269664-sysbot+gh@w3.org>
@emlun @arshadnoor Thanks for clarification. 

In my opinion the separation of the "passwordless authentication" into WebAuthn and CTAP2 managed by two organizations (W3C/FIDO) make it pretty hard to get the full picture of what is actually usable. 

Another level of confusion is the "level concept" of the WebAuthn standard. Typically if you use levels so level 2 includes or bases  on level 1, but as the removal of extensions shows this is not the case in WebAuthn. A third dimension of confusion is introduced by FIDO as there are the [Certified Authenticator Levels](https://fidoalliance.org/certification/authenticator-certification-levels/) - again levels that have nothing to do with WebAuthn levels. 

Why not call it as it is a "version" so we have version 1.0 and an partially incompatible version 2.0. That would be in my opinion way more easy to understand. 

-- 
GitHub Notification of comment by jpstotz
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1386#issuecomment-879897018 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 14 July 2021 13:34:27 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC