[webauthn] Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints. (#2053) from Akshay Kumar via GitHub on 2024-03-27 (public-webauthn@w3.org from March 2024)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Mar 2024 17:26:32 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2211370186-1711560390-sysbot+gh@w3.org>

akshayku has just created a new issue for https://github.com/w3c/webauthn:

== Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints.  ==
## Background

We have introduced PublicKeyCredentialHints for RP to better convey intention of which transport is preferred for both credential creation and authentication. Previously, AuthenticatorAttachment was used to convey similar intention. 

However, AuthenticatorAttachment has a side affect during credential creation. It excludes certain authenticators and the definition of platform vs cross-platform has been murky for some time since the introduction of hybrid transport. It leads to market fragmentation and UI differences between platforms. 

## Proposed Change
Deprecate AuthenticatorAttachment in favor of PublicKeyCredentialHints in the spec. For backwards compatibilty when only attachment is provided, we can map those values to corresponding PublicKeyCredentialHints. 


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2053 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 27 March 2024 17:26:33 UTC