Talk:WebAuthn

Latest comment: 5 years ago by Trscavo in topic Support

Excessively amalgamated "such as"

edit

WebAuthn is designed so that it can work with a range of public-key authenticator mechanisms, from pure software implementations to those using specialized hardware environments, such as a processor's trusted execution environment, a Trusted Platform Module, or an external hardware token accessed via USB, Bluetooth Low Energy, or near-field communications (NFC).

The "such as" list does not adequately declare itself on the range from "pure software" to "specialized hardware".

Expects can probably puzzle this out in 15 s. That is not the target audience for the lead passage. — MaxEnt 14:34, 10 September 2018 (UTC)Reply

I think you are right, this is not as easily readable as it should be. I'm going to re-phrase this. --Karol Babioch (talk) 18:36, 9 October 2018 (UTC)Reply
I finally managed to re-phrase the whole introduction. Hopefully it is better understandable now. Let me know what you think of it. --Karol Babioch (talk) 20:28, 11 October 2018 (UTC)Reply

Avoid long summaries

edit

Title says it all. For details, see: WP:SUMMARYNO. Thanks. Tom Scavo (talk) 13:37, 6 March 2019 (UTC)Reply

Overview added

edit

The article is under construction. A number of round trips are required. Thanks for your patience. Tom Scavo (talk) 15:26, 6 March 2019 (UTC)Reply

Basic content added. It would be nice if the terms linked to the W3C WebAuthn glossary but I don't know how to do that. May have to link to the glossary itself (and let the reader navigate further). Tom Scavo (talk) 16:18, 6 March 2019 (UTC)Reply
Okay, I've reached a stopping point (have at it). A few notes:
  1. Please don't link to the Authenticator topic (since it's a mess). I'm working on a complete rewrite of the Authenticator topic but this will take awhile.
  2. Concrete examples of software authenticator and platform authenticator are needed. Web citations are required in each case.
  3. If you know of an authoritative citation that justifies the last paragraph in the WebAuthn#Overview section, please add it. Published articles only, please. We don't want to start a flame war :-) Tom Scavo (talk) 16:29, 6 March 2019 (UTC)Reply

Biometrics

edit

I believe the last paragraph is accurate. I was tempted to write "users are uniformly apprehensive of biometrics" (or something like that) but that would be even more contentious, I know. Clearly the last paragraph needs at least one authoritative citation (see above). Tom Scavo (talk) 18:11, 6 March 2019 (UTC)Reply

I added a couple of citations re biometrics (both from Duo Security) but I still think a published reference is needed. Surely someone has already done this research. Tom Scavo (talk) 17:02, 8 March 2019 (UTC)Reply

Support

edit

IMO, the WebAuthn#Support section should cover browsers and relying parties only, no authenticators. Alternatively, the latter could be listed on the forthcoming Draft:Authenticator page instead. I added a table to that page along with a bit of content to illustrate. Comments? Tom Scavo (talk) 17:31, 8 March 2019 (UTC)Reply