- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Aug 2023 21:30:07 +0000
- To: public-webauthn@w3.org
So as per the last WG meeting, the original `client-pin-entry` capability didn't make sense because, among other things, it couldn't ever know if security keys were usable on a mobile device during hybrid registration or authentication. But a thought occurred to me last night: what if instead `getClientCapabilities()` gained a "`localClientPinEntry`" capability instead? This would communicate whether **the client on the access device** is capable of prompting for a PIN from a security key, specifically ignoring the question of whether it'd be possible via hybrid. Perhaps there's value in being able to know that vs having no way at all to detect scenarios in which security keys are unavailable for whatever reason, but hybrid or platform auth are possible. I'll bring this back up on the next WG meeting. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1923#issuecomment-1662989250 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 2 August 2023 21:30:09 UTC