- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 Apr 2024 20:42:20 +0000
- To: public-webauthn@w3.org
As I write my WebAuthn RP library, I do find it somewhat bizarre that `["hybrid"]` gets mapped to `"cross-platform"` instead of mapping to a missing value. According to the [`authenticatorAttachment` field](https://www.w3.org/TR/webauthn-3/#dom-authenticatorselectioncriteria-authenticatorattachment), "If this member is absent, then any attachment modality is acceptable". Doesn't `"hybrid"` mean both `"platform"` and `"cross-platform"` are allowed without preference to either one? If so, that seems to align with "any attachment modality is acceptable" (i.e., a missing field). Also for clarification, the spec says "Hints are provided in order of decreasing preference so, if two hints are contradictory, the first one controls. Hints may also overlap: if a more-specific hint is defined a [Relying Party](https://www.w3.org/TR/webauthn-3/#relying-party) may still wish to send less specific ones for user-agents that may not recognise the more specific one. In this case the most specific hint should be sent before the less-specific ones". This means that the countably infinite `[PublicKeyCredentialHints]?` is partitioned into five equivalence classes, correct: 1. `[]` 2. `["security-key"]` 3. `["client-device"]` 4. `["security-key", "hybrid"]` 5. `["client-device", "hybrid"]` Here I am assuming that a missing `hints` field, `["hybrid"]`, and `[]` are the same. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2053#issuecomment-2067258440 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 19 April 2024 20:42:21 UTC