Re: [webauthn] conditional UI via mediation (#1576) from Nina Satragno via GitHub on 2021-10-27 (public-webauthn@w3.org from October 2021)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Oct 2021 19:46:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-953255412-1635363993-sysbot+gh@w3.org>

Hey @equalsJeffH, thank you for your quick review on my rough draft!

> IIUC we are intending conditional mediation to be applicable to all available authenticators, including available roaming authenticators.

Fixed to be "authenticators supporting credential discovery".

> The user is being prompted from both credman's "request a credential" (step 7.5) and here in [[DiscoverFromExternalSource]]'s step 20's "If conditionalFlow is true and the user interacts with an input form control with a "webauthn" autocomplete autofill hint set," branch?

That's already the case for vanilla webauthn! Credman is a little confusing there since the ["request a credential" step](https://w3c.github.io/webappsec-credential-management/#algorithm-request) [asks the user to "choose a credential"](https://w3c.github.io/webappsec-credential-management/#abstract-opdef-ask-the-user-to-choose-a-credential) before even calling [[DiscoverFromExternalSource]]! Credman allows the user to select an "interface object" that represents a kind of credential (WebAuthn being the only one that exists). In reality, that selection never actually happens because A) WebAuthn is not supported in conjunction with other credential types so it's the only available option and B) webauthn credential selection requires some user interaction regardless of the mediation requirement.

At least that's my understanding after reading the whole thing several times, I might be wrong!

> To override Credential's isConditionalMediationAvailable()'s default implementation, we define an implementation here, rather than attempt to override it using webidl's "partial interface". See the very last paragraph of section 5.1. PublicKeyCredential Interface: "PublicKeyCredential's interface object inherits Credential's implementation of ... and defines its own implementation of ... " (yeah, it's subtle/obtuse)

Done.

--

I added a bunch of things that were missing and moved things around. Can you take another look? Thank you! ^_^

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1576#issuecomment-953255412 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 27 October 2021 19:46:37 UTC