Re: [webauthn] Provide a mechanism to indicate backend registration success or failure (#2067)

@Firehed one of the challenges with anything in this space, including the Report API (which is why it will be opportunistic), is there can't be any expectation that the authenticator is still available after the ceremony completes. For example, the user may disconnect their security key, or they may have been using their phone which is no longer in range, which would mean the client would have to do some guessing on behalf of the authenticator, which is also not ideal.

In general, I like what you proposed, but unfortunately I think it would still be stuck in the opportunistic bucket, which means adding it would introduce additional complexity. The goal with the Report API is to tuck as many housekeeping capabilities as possible into this opportunistic call made by the RP.

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2067#issuecomment-2094203596 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 4 May 2024 13:35:43 UTC