Re: [webauthn] Credential Creation Options are inconsistent to Request (#1716) from Firstyear via GitHub on 2022-04-05 (public-webauthn@w3.org from April 2022)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Apr 2022 22:40:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1089459250-1649198433-sysbot+gh@w3.org>

A really good example is that we may only want a specific vendor of usb authenticators to be used - then there is no need to display options for caBLE which in fact will confuse users "why can't I register my phone". 

As well, we *have* these options for authentication today, why are the not able to be consistent? 

> but report their [getTransports()](https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-gettransports) as ["ble", "internal"] regardless of how they were attached during registration. That should resolve most of the ambiguity around those being both platform and cross-platform credentials depending on context.

The issue here is you need to do a full registration cycle to getTransports() and *then* the RP can reject this, which will annoy the user more.



-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1716#issuecomment-1089459250 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 April 2022 22:40:36 UTC