[webauthn] Authenticator Attestation Response's [[transports]] should be an attribute rather than an internal slot. (#2080) from nbrr via GitHub on 2024-05-31 (public-webauthn@w3.org from May 2024)

From: nbrr via GitHub <sysbot+gh@w3.org>
Date: Fri, 31 May 2024 08:50:39 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2327293585-1717145437-sysbot+gh@w3.org>

nbrr has just created a new issue for https://github.com/w3c/webauthn:

== Authenticator Attestation Response's [[transports]] should be an attribute rather than an internal slot. ==
It is recommended for a [credential record](https://w3c.github.io/webauthn/#credential-record) to register `transports`. This value is defined as an `internal slot` accessible through the Authenticator Attestation Response's `getTransports` method. 
This puts the RP in an awkward position as to accessing this value :

- in web browser context: the response to navigator.credentials.create() cannot be directly sent to the RP server to be saved as the internal slot data is usually not conveyed in serialization ; the web application must first extract the data with `.getTransports()` and add the value in its request to the RP server
- in Android Credential Manager context: the Credential Manager delivers a plain text JSON response without notion of _internal slot_.

Although these are implementation specific considerations, the current specification seems to make things unnecessarily difficult.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2080 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 31 May 2024 08:50:40 UTC