- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Jan 2023 12:18:48 +0000
- To: public-webauthn@w3.org
...and as I wrote this out I realized I'm going to immediately argue against myself (hey, that's what discussions are for!):
> Essentially, a `false` output would indicate that the extension might succeed on that device if the RP retries the request at a later time, while an absent output would indicate the extension is unlikely to succeed if retried.
On further thought this doesn't quite hold up: an absent output could also just mean the client is not recent enough, while the authenticator is perfectly capable of the required operations. So the `false` proposed above might actually not add any information?
So perhaps the meaning of `false` should be the other way around, at least on the client output level - if the client understands the extension, and knows that the authenticator will never support it, then return some variant of "~false" to indicate the RP can stop retrying on this machine. If that is in combination with an authenticator output of `false`, then it means the extension is supported but failed; if the client output is "~false" and the authenticator output is absent, that means the authenticator will never support it.
As noted above, I suppose empty object (`{}`) would be the natural way to express a "~false" client output without complicating the WebIDL types. But then: this adds a bit of complexity in processing the output values. Is the information gained worth that added complexity?
--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1846#issuecomment-1406422612 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 27 January 2023 12:18:50 UTC