[webauthn] Should steps 28 and 29 occur before Step 27 in the registration ceremony (#2204) from philomathic_life via GitHub on 2024-11-14 (public-webauthn@w3.org from November 2024)

From: philomathic_life via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Nov 2024 21:08:00 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-2660064034-1731618477-sysbot+gh@w3.org>

zacknewman has just created a new issue for https://github.com/w3c/webauthn:

== Should steps 28 and 29 occur before Step 27 in the registration ceremony ==
Currently [step 27](https://w3c.github.io/webauthn/#reg-ceremony-store-credential-record) occurs before steps [28](https://w3c.github.io/webauthn/#reg-ceremony-verify-extension-outputs) and 29; however it seems weird to "create and store a new [credential record](https://w3c.github.io/webauthn/#credential-record) in the [user account](https://w3c.github.io/webauthn/#user-account)" _before_ successfully completing steps 28 and 29, right? This means one could save a credential even though the ceremony fails later.

A similar issue exists for the authentication ceremony where [step 23](https://w3c.github.io/webauthn/#authn-ceremony-update-credential-record) occurs before steps [24](https://w3c.github.io/webauthn/#authn-ceremony-verify-extension-outputs) and 25.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2204 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 14 November 2024 21:08:00 UTC