w3c / webappsec-credential-management

WebAppSec Credential Management
https://w3c.github.io/webappsec-credential-management/
Other
50 stars 38 forks source link

create-a-cred and request-a-cred ought to return only a cred or error #129

Open equalsJeffH opened 6 years ago

equalsJeffH commented 6 years ago

Presently, credman's create-a-cred and request-a-cred algs have a tri-state return: a Credential if one can be returned given the options provided, null if no credential can be {created, found}, or an error.

Webauthn however returns only bi-state: either a cred or an error.

Might we update the credman create-a-cred and request-a-cred to be bi-state a la webauthn ?

See: https://github.com/w3c/webauthn/issues/876

equalsJeffH commented 6 years ago

on webappsec tpac call on 23-oct-2018 @mikewest observes that the pswd cred and fed cred algs DO use the tri-state return values and it seems useful and does not want to loose that just because webauthn.

@jcjones and @mikewest will huddle this week and figure out where in credman to note that some plug-in algs eg webauthn's can return just bi-state if that's what's good for them.