Re: [webauthn] Backup preference for providers who support both backed-up and non-backed up credential (#2253)

> I think I'm fine with the high level concept, but I disagree on the semantics of specifying it via `hints`. `PublicKeyCredentialHint` communicates a preference for **authenticator** properties, while this proposed backup eligibility hint represents a desired **credential** property.
> 
> The main issue is that values in `hints` are ordered by preference; I can imagine that hints processing rules would get quite complicated (and RPs would easily get confused too) if they had to accommodate all the permutations of these values and their positions in the array.
> 
> Maybe we define a new "`credentialHints`"?

When we added hints to the spec, I thought the purpose of naming it as a general-purpose "hint" name is that we can add more things to this array in the future without changing the IDL. I was also not thinking about Authenticator hint vs Credential hint, and interestingly we named it as PublicKeyCredentialHint instead of PublicKeyAuthenticatorHint.

Regarding the complication of processing rules, anything we add to the hints array in the future which is not conveying already present transport info (either via AuthenticatorHints or CredentialHints) will arise in that processing complication anyway. So in effect, it looks like that hint is now effectively a static transport-specific option.

I have opened an alternative backup preference specific option as part of PublicKeyCredentialCreationOptions in #2259. 

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2253#issuecomment-2653749014 using your GitHub account



Received on Wednesday, 12 February 2025 13:41:50 UTC