Re: [webauthn] Add new isPasskeyPlatformAuthenticatorAvailable() method (#1901)

> Is it that the Hybrid transport is possible, or that one of UVPAA or Hybrid is possible?

The aspect of this PR that is most interesting to me as an RP is having some kind of signal that hybrid auth is possible. Right now auth can appear feasible (WebAuthn is present and isUVPAA returns true, for a user with an `["internal", "hybrid"]` credential), but auth fails because Chrome wants to prompt for hybrid but can't because the user clicked No weeks ago when Chrome unexpectedly prompted for Bluetooth permission.

We of course can't know via JavaScript that Chrome is missing prerequisites at the OS level for hybrid, so an API to preemptively know that hybrid is possible (a simple true/false that's really the browser telling the RP, "yes, I programmatically have everything I need to do hybrid" without getting into specifics) feels innocuous enough to me for me to be hopeful that we can work something like this into the spec.

That's my motivation for approving this PR. But I wonder too if this concept might also spur more discussion around a way for an RP to understand what ceremonies the client can handle, to tailor communications for the WebAuthn registration and authentication ceremonies for the end user's sake.

(This also ties a bit into earlier conversations we've had around how an RP could hint that it wants to do hybrid registration instead of security key registration for a `"cross-platform"` attachment.)

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1901#issuecomment-1586294420 using your GitHub account



Received on Sunday, 11 June 2023 19:02:34 UTC
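
The situation the comment describes, as an added example that is not part of the original message or of the WebAuthn spec: an RP-side pre-flight check where isUVPAA is true and the stored credential lists `["internal", "hybrid"]`, run once without and once with a hybrid signal. `preflight`, the `hint` values, the stub objects and the `hybridSignal` callback are assumptions made for illustration; `hybridSignal` stands in for the simple true/false signal the comment asks for and is not an existing browser API.

```javascript
// Added example (not from the thread). `hybridSignal` is a hypothetical
// stand-in for the true/false "hybrid is possible" signal the comment asks for.
async function preflight(pkc, transports, hybridSignal) {
  // No WebAuthn at all: nothing to attempt, send the user to another method.
  if (!pkc || typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable !== "function") {
    return { appearsFeasible: false, hybrid: "n/a", hint: "fallback" };
  }
  let uvpaa = false;
  try {
    uvpaa = await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
  } catch {
    uvpaa = false; // treat a rejected probe as "no platform authenticator"
  }
  // The check from the comment's scenario: API present, isUVPAA true,
  // and a known credential for this user.
  const appearsFeasible = uvpaa && transports.length > 0;

  let hybrid = "n/a";
  if (transports.includes("hybrid")) {
    hybrid = typeof hybridSignal === "function"
      ? ((await hybridSignal()) ? "possible" : "not-possible")
      : "unknown"; // no signal exists, so a later failure cannot be ruled out
  }

  // Map the result to a UI hint the RP can use to tailor its messaging.
  let hint = "fallback";
  if (appearsFeasible) {
    if (hybrid === "not-possible") hint = "warn-hybrid-unavailable";
    else if (hybrid === "unknown") hint = "proceed-hybrid-unverified";
    else hint = "proceed";
  }
  return { appearsFeasible, hybrid, hint };
}

// Constructed stub mirroring the comment's scenario: isUVPAA resolves true.
const stubPkc = { isUserVerifyingPlatformAuthenticatorAvailable: async () => true };
const storedTransports = ["internal", "hybrid"]; // constructed credential record

// Today: auth looks feasible, but the hybrid state is unknowable from JavaScript.
preflight(stubPkc, storedTransports).then((r) => console.log("today:", r));
// With a signal reporting false, the RP can warn before the ceremony starts.
preflight(stubPkc, storedTransports, async () => false)
  .then((r) => console.log("with signal:", r));
```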