- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Mar 2024 17:33:31 +0000
- To: public-webauthn@w3.org
We attempted to hedge this by establishing in L3 that hints override attachment: > Hints MAY contradict information contained in credential [transports](https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-transports) and [authenticatorAttachment](https://w3c.github.io/webauthn/#dom-authenticatorselectioncriteria-authenticatorattachment). When this occurs, the hints take precedence. (Note that [transports](https://w3c.github.io/webauthn/#dom-publickeycredentialdescriptor-transports) values are not provided when using [discoverable credentials](https://w3c.github.io/webauthn/#discoverable-credential), leaving hints as the only avenue for expressing some aspects of such a request.) Deprecating in L4 definitely makes sense. > But I think we need to address RPs who still want to specify local vs remote, without having to worry about all the options. This could be addressed by just adding two additional options to hints (e.g. `local-client`, `remote-authenticator`). @timcappalli Are you thinking about auth here? Because `client-device` and `hybrid` hints should solve this for registration... -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2053#issuecomment-2023382632 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 27 March 2024 17:33:32 UTC