- From: Harsh Lal via GitHub <noreply@w3.org>
- Date: Mon, 16 Mar 2026 21:24:20 +0000
- To: public-webauthn@w3.org
> Instead of saying "Sign in with a passkey" for a payment or privileged action, you could optionally show "Authorize with a passkey" (as one example). So "purpose" is a free-form text field supposed to be a verb, or is it planned to be an enum? Also are platform supposed to show the exact string - or it is open to interpretation. > Contact and contactless cards have very different experiences which could benefit from a variance in guidance for the user (e.g. tap vs insert terminology) - We can just call a `Contact card` that can be inserted over USB - same as a security key. The platform guidance remains same mostly. - Same for `Contactless card` where the platform guidance remains same mostly as connecting over NFC - same as security key. As I understand the goal is to provide guidance to the users about how to connect their card/badge/key to the device/platform. This mostly depends on connection mechanism like USB/NFC rather than form factor itself. > Same with badge. "Tap your card" when expecting users to tap their employee badge may not have the expected result. - Here I would say that in terms of user guidance, it would be a shared responsibility between the organization (which is deploying let's say a Fido2 badge form factor) and the platform. If an organization deployed Fido2 badges - IMO during onboarding the employees would be made aware of it - and platform provides a generic guidance about how to use it over NFC. Same holds true if a user purchases a Fido2 contactless card (card manufacturers mostly have some sort of guidance in form of [icons/labels](https://www.amazon.com/dp/B0B384JCP8) ). They are aware that this card would be connected via tap to the device. I want to avoid the confusion stemming from the fact - "all badges are cards but not vice versa". -- GitHub Notification of comment by harshlal028 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2360#issuecomment-4070678950 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 March 2026 21:24:21 UTC