samuelgoto
commented
1 month ago We chatted on the CG call about this today and there were good points raised by the group.
There were a few good observations:
(1) @bvandersloot-mozilla agrees that supporting mediation="optional" but handling it as mediation="required" can work (2) @npdoty raised whether the group knows under what circumstance we'd have a valid case of mediation="optional", and challenged that it could be abused into auto sign-in cases which aren't equally comparable to government-issued identities (3) @samuelgoto realized that taking mediation="required" only (and dropping everything else) won't corner us to support mediation="optional", so we could cross that bridge when we get there. The only drawback was that (a) it requires developers to type mediation="required" (since mediation="optional" is the default) and (b) update every code snippet out there to include it.
Most of us had an intuition that mediation="optional" would be useful at some point, but not strongly enough that it was something that had to be done at the moment.
So, the convergence in the call was to keep requiring mediation = "required", and re-open this discussion when we figure out valid use cases that we'd want to support.
cbiesinger
From an implementation perspective, the user agent can always take mediation = "optional" as mediation = "required".
There are two reasons to accept mediation = "optional" too:
(a) first, it is the default value of
mediation, so it allows an unspecified mediation to fallback to something runnable (b) second, it allows implementations to take the hint from developers and experiment with ways in which the user mediation can be waived (e.g. on a subsequent presentation).Here is a concrete proposal on how to go about it.