Re: [webauthn] Identify which items in creation and assertion options are client UI/UX hints (#1618)

[§2. Conformance][conf] states that "A User Agent MUST behave as described by § 5 Web Authentication API in order to be considered conformant", so many of these behaviours are in fact REQUIRED of conformant clients and not just optional hints. But this could motivate some expanded discussion of the implications when the client or authenticator does not conform to those requirements, and in which cases nonconformance can be detected. I'm not sure whether that would belong in [§2. Conformance][conf], [§13. Security Considerations][sec-cons] or inline with each parameter definition etc.

Either way, I agree that many of these descriptions can be tightened up to better describe how to properly use them and/or what they will actually do (assuming the client and authenticator are conformant).

[conf]: https://w3c.github.io/webauthn/#sctn-conformance
[sec-cons]: https://w3c.github.io/webauthn/#sctn-security-considerations

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1618#issuecomment-851782029 using your GitHub account



Received on Tuesday, 1 June 2021 03:41:43 UTC