[webauthn] Support `discoverableCredential` fields in the API. (#1565) from Lucas Garron via GitHub on 2021-02-09 (public-webauthn@w3.org from February 2021)

From: Lucas Garron via GitHub <sysbot+gh@w3.org>
Date: Tue, 09 Feb 2021 00:27:14 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-804082943-1612830433-sysbot+gh@w3.org>

lgarron has just created a new issue for https://github.com/w3c/webauthn:

== Support `discoverableCredential` fields in the API. ==
WebAuthn is rather difficult to explain to someone, for a few reasons. Now that the spec has settled on "discoverable credentials", it's especially confusing that the actual browser API does not use that term at all, and uses a synonym ("resident key") that shares no words in common. At the risk of misappropriating a social metaphor, it is similar to a [missing stair](https://en.wikipedia.org/wiki/Missing_stair) — "oh, yeah, remember that a resident key isn't called a resident key".

I would love to see some investment in fixing this, for the benefit of those who learn to use the API in the future (or want to keep remembering how it works 😛). For example:

- Introduce `discoverableCredential` as a synonym for the `residentKey` auth selection field.
- Specify that `discoverableCredential` overrides `residentKey` and `residentKeyRequired`. Fortunately, the spec already has a way to indicate which field was used.

Since it looks like the spec will have at least two levels and level 2 is still being finalized, it is clear that browsers are still working on their WebAuthn implementations. I think it is still feasible to include a name change at this point and hope for it to land in browsers in a reasonable time frame.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1565 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 9 February 2021 00:27:16 UTC