[webauthn] Requiring user gesture to call WebAuthn API (#1293)

alanwaketan has just created a new issue for https://github.com/w3c/webauthn:

== Requiring user gesture to call WebAuthn API ==
Unsolicited dialogs or alerts are often disruptive and hated by users. The Level 1 spec didn’t require and foresee that disruptive UI would be shown in response to makeCredential or getAssertion. Now that showing UI has become the trend, a user gesture restriction should be needed so that websites don’t have the ability to disrupt the user’s browsing. This is a breaking change given it is not required at Level 1. However, in our survey, all websites* require user interactions to kick off WebAuthn ceremonies. Therefore, this change should have already aligned with most websites’ current user experience, though some internal changes may be required to carry the user gesture to the API call site.

\* Dropbox, Microsoft, Google, and GitHub.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1293 using your GitHub account

Received on Wednesday, 4 September 2019 20:05:32 UTC