[Webkit-unassigned] [Bug 219157] New: [WebAuthn] Current WebAuthn popup dialog text restricts use to sign-in use cases
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Nov 19 06:10:32 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=219157
Bug ID: 219157
Summary: [WebAuthn] Current WebAuthn popup dialog text
restricts use to sign-in use cases
Product: WebKit
Version: Safari 14
Hardware: iPhone / iPad
OS: Other
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: at.brand at icloud.com
While the current text shown by Safari during a WebAuthn assertion [navigator.get()] makes sense in the context of a sign-in, it inhibits using the feature for other use cases such as payment authorization or step-up authentication. When invoking WebAuthn during these use cases, the current text displayed on the dialog presented by the browser leads to confusion ("Do you want to sign-in to example.com using user at example.com").
Other browsers are using text that is somewhat more generic, enabling such use-cases:
* "Use your security key with example.com"
* "example.com wants to authenticate you using a registered security key"
* "For security, ~application~ needs to verify your identity"
Would it be possible to consider displaying a message that is slightly more generic during the navigator.get() operation, enabling additional WebAuthn use cases other than sign-in?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201119/89e838af/attachment-0001.htm>
More information about the webkit-unassigned
mailing list