Re: [webauthn] Identify which items in creation and assertion options are client UI/UX hints (#1618) from Emil Lundberg via GitHub on 2021-06-01 (public-webauthn@w3.org from June 2021)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 Jun 2021 05:13:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-851811181-1622524381-sysbot+gh@w3.org>

Of course if the parameters are altered before they reach the call into the client API then the result may be different, I don't think we should have to point that out. The RP operations also contain an explicit step for verifying the UV flag of the response.

As for the [`authenticatorAttachment`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorselectioncriteria-authenticatorattachment) parameter, I agree we should make it clearer that the actual outcome might be determined using [`getTransports()`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorattestationresponse-gettransports). The [`ResidentKeyRequirement`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#enumdef-residentkeyrequirement) description similarly points to the [`credProps` extension](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credprops) for checking whether the new credential ended up discoverable.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1618#issuecomment-851811181 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 1 June 2021 05:13:15 UTC