Re: [webauthn] Use of in-field metadata not preferred (#1643)

It was proposed in PR #2280, but the WG was not convinced this would in practice help more than it hurts since currently existing security key implementations have no storage slots to carry these metadata fields between clients (see for example https://github.com/w3c/webauthn/pull/2280#discussion_r2069353504) - so any provided metadata would in practice be silently ignored for users using such security keys. We also rate this as probably having quite low impact, since these localizable strings are display names for the user and therefore in many cases are chosen by the user themself to be displayed back to the same user, usually on the same host system(s). So it's likely that emitter and consumer have the same language and locale settings, since emitter and consumer are often the same system.

We also got around to this very late in the L3 process, and would have to demonstrate two independent implementations of it within the L3 timeline to keep it in L3. That's on us, but we didn't want to hold up L3 for this given the likely low impact as noted above. We hope to have more time in L4 to resolve this properly.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1643#issuecomment-3347704845 using your GitHub account


Received on Monday, 29 September 2025 15:37:20 UTC