- From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
- Date: Wed, 14 Jun 2023 14:00:11 +0000
- To: public-webauthn@w3.org
I haven't read the whole thread, but to put my 2 cents in: I always found the term "passkey" rather vague, something like a marketing buzzword rather than some precise technical meaning. So ...what *is* a passkey?
If you want to use this in the method, I would advise first defining what exactly is a passkey is. ...and pretty high up in the specs ...and also what a "passkey platform authenticator" means.
> `isPasskeyPlatformAuthenticatorAvailable()` [...] use this method to determine whether they can create a new [=passkey=] using a [=user-verifying platform authenticator=] or a {{AuthenticatorTransport/hybrid}} authenticator.
Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the availability of {{AuthenticatorTransport/hybrid}} transport.
If one or both are discovered, the promise is resolved with the value of [TRUE]...
- Yeah, but what is a passkey? Isn't it a plain (PublicKey) credential ?
- We have `isUserVerifyingPlatformAuthenticatorAvailable()` already
- Wouldn't it be best to simply add `isHybridAuthenticatorAvailable()` to cover both cases?
I find this PR problematic because of two things: it adds even more terminology on top without clearly defining it and the method checks two things at once instead of only the second part we don't have.
---
Btw, I always found "hybrid" a strange vocabulary choice, something like "roaming" would have been more intuitive.
--
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1901#issuecomment-1591269429 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 14 June 2023 14:00:12 UTC