Re: [webauthn] Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. (#2053)

> Is this true? The spec says "if two hints are contradictory, the first one controls" which seems to imply that something like `["security-key", "client-device"]` is equivalent to `["security-device"]` due to the two contradicting each other and `"security-key"` appearing first.

I'd suggest that providing two places is nice because it gives priority on the first, but also provides browsers with direction if the first method isn't available.

For example, a browser could receive `["client-device", "hybrid"]`, know that a platform is unavailable in its own way outside the scope of this discussion, and decide to pop up the hybrid QR code instead because the browser knew it had enough prerequisites satisfied to perform a hybrid ceremony. Without the inclusion of `"hybrid"`, the browser might have otherwise shown both hybrid and security keys when the RP isn't as interested in exposing security keys to their users.

I'll have to respond to your other points later; I'm heading back home from today's WAWG F2F ✌️

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2053#issuecomment-2067501078 using your GitHub account



Received on Saturday, 20 April 2024 01:27:19 UTC
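
The ordering behaviour discussed in this comment, sketched as an added JavaScript example (not code from the thread, the spec or any browser). `pickCeremony`, `buildOptions` and the `available` set are hypothetical names, and the rule for when to send a legacy `authenticatorAttachment` is an assumption made for this example.

```javascript
// Added example: models ordered-hint handling; not browser or spec code.
const KNOWN_HINTS = ["security-key", "client-device", "hybrid"];

// authenticatorAttachment value matching each hint, for older clients.
const LEGACY_ATTACHMENT = {
  "security-key": "cross-platform",
  "client-device": "platform",
  "hybrid": "cross-platform",
};

// Drop unknown values and duplicates, keeping the RP's preference order.
function normalizeHints(hints) {
  const seen = new Set();
  return (hints || []).filter((h) => {
    if (!KNOWN_HINTS.includes(h) || seen.has(h)) return false;
    seen.add(h);
    return true;
  });
}

// Hypothetical client logic: return the first hint whose prerequisites are
// met, or null when none is (the client then shows its default UI).
function pickCeremony(hints, available) {
  for (const hint of normalizeHints(hints)) {
    if (available.has(hint)) return hint;
  }
  return null;
}

// Hypothetical RP helper: always send hints; add the legacy attachment only
// when every hint maps to the same value, so that a fallback hint such as
// "hybrid" is not filtered out on clients that still enforce the attachment.
function buildOptions(hints) {
  const ordered = normalizeHints(hints);
  const attachments = new Set(ordered.map((h) => LEGACY_ATTACHMENT[h]));
  const authenticatorSelection = {};
  if (attachments.size === 1) {
    authenticatorSelection.authenticatorAttachment = [...attachments][0];
  }
  return { hints: ordered, authenticatorSelection };
}

// Constructed scenario from the comment: no platform authenticator usable.
const available = new Set(["hybrid", "security-key"]);
console.log(pickCeremony(["client-device", "hybrid"], available));
console.log(JSON.stringify(buildOptions(["client-device", "hybrid"])));
```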