- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 Jan 2024 12:09:35 +0000
- To: public-webauthn@w3.org
Thanks for pointing this out! There is a connection, but it is a bit buried: - [Step 27 of §7.1. Registering a New Credential](https://w3c.github.io/webauthn/#reg-ceremony-store-credential-record) instructs to set `credentialRecord.transports` to the return value of `getTransports()`. - The [definition of a Credential Record](https://w3c.github.io/webauthn/#credential-record) also includes a definition of the [**credential descriptor for a credential record**](https://w3c.github.io/webauthn/#credential-descriptor-for-a-credential-record), which instructs to set [`PublicKeyCredentialDescriptor.transports`](https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-transports) to the value of [`credentialRecord.transports`](https://w3c.github.io/webauthn/#abstract-opdef-credential-record-transports). - The [definition of `allowCredentials`](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-allowcredentials) recommends to set it to a list of the [**credential descriptors for credential records**](https://w3c.github.io/webauthn/#credential-descriptor-for-a-credential-record) in the [user account](https://w3c.github.io/webauthn/#user-account). So technically there is a recommendation of how to use it, but the chain of steps is certainly not obvious just by looking at the list of places where `credentialRecord.transports` is referenced. It might help to somehow reference `credentialRecord.transports` in [§7.2. Verifying an Authentication Assertion](https://w3c.github.io/webauthn/#sctn-verifying-assertion), like there is a reference in [§7.1. Registering a New Credential](https://w3c.github.io/webauthn/#sctn-registering-a-new-credential), but the first step of §7.2 already reads: >1. Let options be a new [PublicKeyCredentialRequestOptions](https://w3c.github.io/webauthn/#dictdef-publickeycredentialrequestoptions) structure configured to the [Relying Party](https://w3c.github.io/webauthn/#relying-party)'s needs for the ceremony. and I don't really want to start weighing that down with specific callouts of individual parameters of note. I think we could improve the description of [`PublicKeyCredential.transports`](https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-transports) and include a reference to `credentialRecord.transports` there, though. I think that could have the additional benefit of making the paragraph a bit shorter, too. @jameshartig does that seem like a fair solution? -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2016#issuecomment-1900302717 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 19 January 2024 12:09:38 UTC