w3c / webauthn

Web Authentication: An API for accessing Public Key Credentials
https://w3c.github.io/webauthn/

Clarify meaning of "unless" in UP flag validation #2126

Closed emlun closed 1 month ago

emlun commented 3 months ago

Fixes #2122.

I'm not entirely convinced about the "ignore this" part being a completely separated sentence, but I chose to formulate it this way to emphasize that by default the UP flag should be verified, and only in exceptional circumstances should this verification be ignored.



zacknewman commented 3 months ago

If you don't like how it's phrased, perhaps:

Verify that the UP bit of the flags in authData is set or options.mediation is set to conditional.

Of course "or" in natural language does not often mean what it does in logic (i.e., it can often mean mutual exclusivity), so you could phrase it like:

Verify that the UP bit of the flags in authData is set; if not, verify options.mediation is set to conditional.
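The rule both phrasings above describe, as an added example that is not part of this thread, the PR, or the spec text: a relying-party check that requires the UP bit by default and skips it only when `options.mediation` is `conditional`. The function names, the result shape, and the assumption that `options` is the object the relying party recorded for this ceremony are illustrative.

```javascript
// Added example, not code from the WebAuthn spec or this PR.
const FLAG_UP = 0x01; // bit 0 of the authData flags byte: User Present

// authData starts with rpIdHash (32 bytes), flags (1 byte), signCount (4 bytes).
function readUpFlag(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new RangeError("authData is shorter than its fixed 37-byte header");
  }
  return (authData[32] & FLAG_UP) !== 0;
}

// Default: UP must be set. The single exception is conditional mediation;
// any other value of options.mediation (or none) leaves the check in force.
// `options` is assumed to be the server's own record of what it requested,
// never a value echoed back by the client.
function checkUserPresence(authData, options) {
  if (readUpFlag(authData)) {
    return { ok: true, reason: "UP set" };
  }
  if (options && options.mediation === "conditional") {
    return { ok: true, reason: "UP clear, ignored for conditional mediation" };
  }
  return { ok: false, reason: "UP clear" };
}

// Constructed sample input: zeroed rpIdHash and signCount, only flags vary.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  return buf;
}

function demo() {
  return [
    checkUserPresence(sampleAuthData(0x01), {}),
    checkUserPresence(sampleAuthData(0x00), { mediation: "conditional" }),
    checkUserPresence(sampleAuthData(0x00), { mediation: "optional" }),
    checkUserPresence(sampleAuthData(0x04), {}),
  ].map((r) => r.ok);
}
```

Written this way, the exception is a narrow branch after the default check, which matches the emphasis emlun describes: verification is the norm and is skipped only in that one case.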

timcappalli commented 3 months ago

TBH, I think the original text makes more sense.

emlun commented 1 month ago

I will take @pascoej's :+1: reaction and @timcappalli's comment in https://github.com/w3c/webauthn/pull/2126#discussion_r1735148989 as approval reviews; merging. Thanks!