w3c / webappsec-credential-management

WebAppSec Credential Management
https://w3c.github.io/webappsec-credential-management/

Should mediation be defaulted at all? #256

Open marcoscaceres opened 2 weeks ago

marcoscaceres commented 2 weeks ago

While working on https://github.com/WICG/digital-credentials/pull/149 it occurred to me that perhaps we should let mediation be nullable and make null the default - changed my mind... let's remove the default value entirely.

The rationale is that a credential interface determines what its mediation requirements are (and could determine its own default value), as per step 8.1:

  1. For each interface of interfaces:
     8.1 If options.mediation is conditional and interface does not support conditional user mediation, return a promise rejected with a "TypeError" DOMException.

So, for example, for Digital Credential, a missing value (null) could be treated as "required". And the DC API could also define the allowed values in a backwards compatible / extensible way.

The problem right now for DC API is that mediation is always required, so that means every call to .get() must include {"mediation": "required"}, which is annoying from a developer point of view. It should just default to "required" when the credential type is DigitalCredential instead.

marcoscaceres commented 2 weeks ago

Ok, so, now that I gave this more thought and drank some coffee.... yeah, dropping the default value entirely and letting the Credential Type determine the default value would be best... if it doesn't provide a default type, it defaults to "conditional".

samuelgoto commented 2 weeks ago

Something that occurs to me as I read this is that if we allowed different credential types to pick different defaults, then we would corner ourselves from asking more than one at a time (e.g. Which default do you use?).

marcoscaceres commented 2 weeks ago

My thinking is that the stronger default applies... the strongest being "required", so if any require "required" it always wins.

In the PR I asked if there was ever a case for any other enum value other than "required" and "conditional". If not, then specs just declare mediation is required and that wins, because UI must be shown no matter what possibly for both.

In cases where mediation is not required simultaneously, then N requests could just be made one after the other.

samuelgoto commented 2 weeks ago

> In the PR I asked if there was ever a case for any other enum value other than "required" and "conditional".

Isn't optional the other that is most common?

marcoscaceres commented 2 weeks ago

Yes, sorry, I got confused and thought “conditional” was the default - my apologies. However, the definition of “optional” is still problematic, though the spec does provide guidance:

> If credentials can be handed over for a given operation without user mediation, they will be. If user mediation is required, then the user agent will involve the user in the decision.

The issue stands though in that for the DC API, developers would still need to explicitly say it’s “required”.

My recommendation of letting each credential type dictate its own default stands.
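
The resolution rule proposed in this thread, modelled as an added example that is not part of the issue, the specification, or any browser's code. The `INTERFACES` table, the `resolveMediation` helper, the per-type `supportsConditional` flags, and the fallback to "optional" when no type declares a default are assumptions made for illustration.

```javascript
// Hypothetical model of the proposal discussed above; not spec text.
// Which types support conditional mediation is assumed here for illustration.
const INTERFACES = {
  DigitalCredential:   { defaultMediation: "required", supportsConditional: false },
  PublicKeyCredential: { defaultMediation: undefined,  supportsConditional: true  },
  PasswordCredential:  { defaultMediation: undefined,  supportsConditional: false },
};

const VALID = new Set(["silent", "optional", "conditional", "required"]);
const FALLBACK = "optional"; // assumed fallback when no type declares a default

function resolveMediation(options, interfaceNames) {
  const interfaces = interfaceNames.map((name) => {
    const entry = INTERFACES[name];
    if (!entry) throw new TypeError(`unknown credential type: ${name}`);
    return entry;
  });

  const explicit = options.mediation;
  if (explicit !== undefined && explicit !== null) {
    if (!VALID.has(explicit)) throw new TypeError(`invalid mediation: ${explicit}`);
    // Step 8.1 as quoted in the issue: "conditional" is rejected when any
    // requested interface does not support conditional user mediation.
    if (explicit === "conditional" && interfaces.some((i) => !i.supportsConditional)) {
      throw new TypeError("conditional mediation not supported by a requested type");
    }
    // Any further per-type validation of an explicit value is out of scope here.
    return explicit;
  }

  // No value supplied: each credential type contributes its own default.
  const defaults = interfaces.map((i) => i.defaultMediation ?? FALLBACK);
  // "The stronger default applies": if any type requires "required", it wins.
  if (defaults.includes("required")) return "required";
  // Otherwise use the shared default, or the fallback if the types disagree.
  return new Set(defaults).size === 1 ? defaults[0] : FALLBACK;
}
```

With this rule a caller requesting only `DigitalCredential` can omit `mediation` and still get "required", and a mixed request can never resolve to something weaker than the strictest type's default.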