Re: [webauthn] Possibility to filter diplayed authenticators by certified level (#1816) from Jean Dim via GitHub on 2022-11-10 (public-webauthn@w3.org from November 2022)

From: Jean Dim via GitHub <sysbot+gh@w3.org>
Date: Thu, 10 Nov 2022 14:36:24 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1310386878-1668090982-sysbot+gh@w3.org>

Thank you for your feedback.
The user experience is key in particular into payment context. Due to too much friction during EMV 3DS authentication flow, merchants complained to EMVCo for a low conversion rate ( cart abandonment, unsuccessful challenge, annoyed consumer, bad experience...). Card networks are putting more stress on banks to improve frictionless experience (by improving silent authentication method and accept exemption or delegation in largest scale). SPC has been integrated into EMV 3DS latest version (2.3.1) as alternative to current authentication challenges flow. Even if credential enrollment stage is still an ongoing discussion, some ACS choose to add it within payment flow (for convenience. After successful challenge, the ACS asks the consumer if he wants to use biometric for next time, for instance). If the user experience does not reach expectation it could lead to a barrier to SPC adoption.

#1688 contains interesting thoughts, especially **issuecomment-1008743434** emphasizing the possibility to use
webAuthn extension [authnSel ](https://www.w3.org/TR/2019/REC-webauthn-1-20190304/#sctn-authenticator-selection-extension). With this possibility, we could avoid "post" filtering and then, improve user experience.

However, it has been removed on Level2 specification for lack of client implementations (refer to #1386 )
But if this extension is still available on authenticators (as still present into [IANA](https://www.iana.org/assignments/webauthn/webauthn.xhtml) available webAuthn extension) , and solve the user experience issue on RP side, maybe we could considere reintroduce it into the spec ?

--
GitHub Notification of comment by JeanDim
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1816#issuecomment-1310386878 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 10 November 2022 14:36:25 UTC