[webauthn] [[preventSilentAccess]] seems incorrect (#1956) from Emil Lundberg via GitHub on 2023-08-31 (public-webauthn@w3.org from August 2023)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 31 Aug 2023 12:42:12 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1875453986-1693485730-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== [[preventSilentAccess]] seems incorrect ==
The section [§5.1.6. Preventing Silent Access to an Existing Credential - PublicKeyCredential’s [[preventSilentAccess]](credential, sameOriginWithAncestors) Method](https://w3c.github.io/webauthn/#sctn-preventSilentAccessCredential) describes `preventSilentAccess` as an internal method of `Credential`, but it is in fact a [public method of `CredentialsContainer`](https://w3c.github.io/webappsec-credential-management/#dom-credentialscontainer-preventsilentaccess). As such, I don't think this belongs as a subsection of [§5.1. PublicKeyCredential Interface](https://w3c.github.io/webauthn/#iface-pkcredential), because there is no `preventSilentAccess()` method in the interface - it's on the `navigator.credentials` object.

The section was added in PR #758, in response to issue #565. I think it does makes sense to keep the mention that the method has no effect on WebAuthn credentials. Maybe we could move that to the end of [§5.1. PublicKeyCredential Interface](https://w3c.github.io/webauthn/#iface-pkcredential), where we describe some other relations to the `Credential` supertype?

>**§5.1. `PublicKeyCredential` Interface**
>[...]
>[PublicKeyCredential](https://w3c.github.io/webauthn/#publickeycredential)'s [interface object](https://webidl.spec.whatwg.org/#dfn-interface-object) inherits [Credential](https://w3c.github.io/webappsec-credential-management/#credential)'s implementation of [[[CollectFromCredentialStore]](origin, options, sameOriginWithAncestors)](https://w3c.github.io/webappsec-credential-management/#collectfromcredentialstore-origin-options-sameoriginwithancestors), and defines its own implementation of [[[Create]](origin, options, sameOriginWithAncestors)](https://w3c.github.io/webauthn/#dom-publickeycredential-create-slot), [[[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)](https://w3c.github.io/webauthn/#dom-publickeycredential-discoverfromexternalsource-slot), and [[[Store]](credential, sameOriginWithAncestors)](https://w3c.github.io/webappsec-credential-management/#store-credential-sameoriginwithancestors).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1956 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 31 August 2023 12:42:15 UTC