[webauthn] Closed Pull Request: DRAFT: Backup eligibility parameter during registration

emlun has just closed emlun's pull request 1744 for https://github.com/w3c/webauthn:

== DRAFT: Backup eligibility parameter during registration ==
Brainstorm idea for #1739. This is meant to facilitate discussion, not a fully-formed proposal.

Something like this would enable the client to optimize the user interaction to increase the chance that the registration completes successfully. I note in https://github.com/w3c/webauthn/issues/1714#issuecomment-1084473966 that since we now have the `BS` and `BE` flags in the authenticator data, that to me signals that this is a significant credential property that there should perhaps be a feature toggle for.

However, the argument against (again, see https://github.com/w3c/webauthn/issues/1714#issuecomment-1084473966) is that we don't want RPs to see this as a "make it more secure" parameter and just set it to `"forbidden"` without further consideration. So in order to respect the interests of the user, this proposal allows the client to let the user override the RP's preference if desired.

Perhaps something like this could be a reasonable middle ground? Is the risk of ecosystem fragmentation still too great? Is it not powerful enough to be useful to RPs? Discuss!


***
Preview: https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/1744.html | Diff: https://pr-preview.s3.amazonaws.com/w3c/webauthn/1744/9622388...f6db880.html (last updated on Jun 9, 2022, 9:58 PM UTC, f6db880)

See https://github.com/w3c/webauthn/pull/1744


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 13 July 2022 19:32:57 UTC