Re: [webauthn] Add new isPasskeyPlatformAuthenticatorAvailable() method (#1901) from Arnaud Dagnelies via GitHub on 2023-06-14 (public-webauthn@w3.org from June 2023)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Jun 2023 15:36:23 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1591493861-1686756981-sysbot+gh@w3.org>

> As I continue to say, let's make WebAuthn easier to use because it'll help with adoption.

Well, I'm all for that ^^ ...IMHO a big challenge is the large pool of unintuitive or unclear terminology.

When you see `isPasskeyPlatformAuthenticatorAvailable()` you basically have no idea what it does. It's impossible to guess. Exactly like `isConditionalMediationAvailable()` ...the first reaction is "What does that check?" and you spend more time figuring it out rather than using a more explicit method. ...Of course there are some tutorials that you can follow and people will just copy/paste ...but it's simply unclear due to the vocabulary.

If I would write it from scratch, I'd simply write it like this:

- `isPlatformAuthenticatorAvailable()` // with user verification assumed
- `isRoamingAuthenticatorAvailable()`
- `isAvailable()` // checks both

> To reiterate earlier discussion, and as per this PR, it's an alias for "discoverable credential". And in fact with FIDO Alliance shifting marketing of passkeys into "synced passkey" and "device-bound passkey" (so the synced part is no longer implied) shouldn't there be there should be fewer reasons not to make this connection.

See, you got me. I actually thought a "passkey" was a credential meant to be synced by the platform. I also always found this "discoverable" confusing.

I actually find "passkey" a nicer term than a "credential" because it's more clear. Also "synced" and "device-bound" really hit the spot since it's way more accurate than the current "backup" vocabulary. Nevertheless, if passkey *is* a "discoverable credential", then this change should be applied to the whole spec and not add one more terminology alias. ...and if a passkey is a "discoverable credential", what is a "non-discoverable credential"? ;)

--
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1901#issuecomment-1591493861 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 June 2023 15:36:25 UTC