Re: [webauthn] Include enterpriseAttestation in getClientClientCapabilities (#2051) from Nina Satragno via GitHub on 2024-04-03 (public-webauthn@w3.org from April 2024)

From: Nina Satragno via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Apr 2024 19:54:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2035460493-1712174096-sysbot+gh@w3.org>

The type error if an attestation type is not supported should not be a reason to merge this. Browsers should not error out on unknown values to begin with, and we should not patch non compliant behaviour with more feature detection.

However, when an RP requires Enterprise Attestation, it probably doesn't make any sense to continue the ceremony when it has no chance to succeed -- so I can see value in this capability. My only concern is there will be a gap until we get the browsers updated where EA will be supported, but this capability will not. Are we risking those RPs assuming EA is not supported when it is during that gap?

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2051#issuecomment-2035460493 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 3 April 2024 19:54:59 UTC