W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2021

Re: [webauthn] Add a way to use webauthn without Javascript (#1255)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Nov 2021 09:20:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-964931481-1636536041-sysbot+gh@w3.org>
Transport issues such as base64 vs binary field values are not nearly as interesting as the user experience and abstract protocol.

Are people expecting this to work as a HTTP Authentication Header protocol? As new attributes embedded into an HTML form? Or in some other manner entirely? What is the expected user experience? How does that experience degrade if the user e.g. cancels or taps an authenticator that does not meet server policy?

In all honesty, we would be better off representing the whole response as base64url-encoded CBOR if we were talking about ease-of-transmission to the relying party server. Use of JSON is optional for constructing requests and verifying responses, use of CBOR and COSE and the processing of other binary-structured messages are not.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-964931481 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 10 November 2021 09:20:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC