Re: [webauthn] Add "smart-card" to AuthenticatorTransport enum (WebKit) (#1835)

Worked a lot on authenticators on smartcards, so I'll try to give a little bit of context. 😊

"nfc" is a shortcut for authenticators on an ISO 14443-3/7816-4 contactless interface, which an NFC reader can communicate with.

> We send a GetUID and if present, we treat the AuthenticatorTransport as nfc. It's only if we don't get a UID back we report "smart-card," which is meant to indicate a smart card with contacts. Again, contactless smart cards are treated as nfc.

That's the expected behavior: contactless authenticators are "nfc".

> As for smart-cards with contacts: I have a few sample cards of this type and they are a bit strange, none support a user presence gesture other than inserting the card...

Yes, there is no user presence gesture on a smartcard in contactless. If you plug it in through its contact interface, you should have more or less the same behavior as in contactless; the user presence is managed by the client.

But this is not a standardized transport... maybe in the next CTAP 2.2.

> RPs can use this transport hint to decide to include language about inserting a smart-card vs inserting a usb security key. I imagine the only significant users of smart-cards with contacts being used as a FIDO authenticator will be enterprises.

👍

> Microsoft is the only other platform supporting CCID readers as far as I know.

Windows has also been supporting contact smart cards since day one. That's a result of how WinSCard is designed, and Microsoft decided not to go to the length of guessing whether the card on the reader is read through the contact or contactless interface.

-- 
GitHub Notification of comment by serianox
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1835#issuecomment-1369662579 using your GitHub account



Received on Tuesday, 3 January 2023 11:30:33 UTC