Re: [webauthn] Should we keep the word “passkey” in the spec or not (#1939)

I believe [@nicksteele's positively-received response towards the end of #1901](https://github.com/w3c/webauthn/pull/1901#issuecomment-1595180860) is the best rationale for keeping the definition of "passkey" in the spec:

> Unfortunately the term passkey has already been introduced to the standard indirectly, because passkeys are a type of WebAuthn credential and it's weird to treat them like we're saying Voldemort's name. Passkeys have existed for over a year, they are a relatively understood concept amongst this community, and in my opinion, to _avoid_ saying the word passkey would cause _more_ confusion and hinder any greater understanding of it by the dev community at large. Trying to not say 'passkey' by replacing it with `isUserVerifyingPlatformAuthenticatorOrHybridTransportAvailable` is just going to be far and away more confusing and less helpful than calling `isPasskeyAvailable`.
> 
> > there are no less than 4 definitions of passkey
> 
> Well that's a great reason to say the definition _here_, in the standard, from which passkeys are based. To @emlun's point we don't even need to define it ourselves, just link or reiterate FIDO's definition. I'd be fine adding a note or normalizing the FIDO definition to coincide with spec terminology, but I'd also say we have the most authority outside of the FIDO alliance to say what a passkey is or isn't.
> 
> Passkeys are going to be the majority type of credential used with the WebAuthn API, to avoid the term because some other companies have already defined it incorrectly is cutting off the nose to spite the face.

I strongly believe that developers who want to investigate the technical definition of what a "passkey" is won't go digging into the FIDO Alliance side of docs. Rather, they'll come here directly to the WebAuthn spec or intuit things based on what they read on developer-centric sites like [MDN](https://developer.mozilla.org/) or https://passkeys.dev who distill our work into actionable developer-centric insights.

The cat's out of the bag, and not offering an authoritative definition of what "passkey" is in the context of WebAuthn will ultimately harm WebAuthn adoption. The FIDO Alliance does important work, no doubt, but when it comes to websites it's the W3C and its specs that have outweighed impact on those who are the ultimate consumers of the WAWG and its outputs.

Therefore I think it is our prerogative to include a definition for passkeys, and so I support **Option 1**.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1939#issuecomment-1668788362 using your GitHub account



Received on Tuesday, 8 August 2023 01:45:07 UTC