Re: [webauthn] Why not make things simple? (#1709)

Just for the sake of completeness, I would like to emphasize some current hurdles from an outsider's perspective.

Currently, the objects you get from `credentials.create` are...

1. binary, it's not human readable, making it harder to understand and debug
2. it uses an exotic binary format requiring external libs to decode it
3. you have to re-encode in json anyway to send it over the wire
4. the format itself is complex and varies depending on the authenticator
5. it doesn't use other well known RFCs like JWT for signing content

Instead of dealing with the complex formats and diversity at the source, it feels like shifting the responsibility and effort to those using it. It would have been nice if the browsers/authenticators would take care of a "standardized" signature and simple readable JSON metadata. Instead, it is left relatively untouched, as cryptic binary structures that millions of "relying parties" have to deal with ...hoping they do it right.

I guess there are some things that "cannot be changed" because it is outside of your control, resulting in difficult compromises.
Nevertheless, I think one big step forward would be if this spec ensures the results are homogenized, simple and human readable.

-- 
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1709#issuecomment-1076140146 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 23 March 2022 09:25:20 UTC