zlacker

[return to "A Tour of WebAuthn"]
1. Zamico+uR 2024-12-27 05:14:56
>>caust1+(OP)
WebAuthn and passkeys are a disaster.

Much of the specs were created behind closed doors and never done in a way where we could have had outside input. They're completely corporate driven and designed to control users, not empower them.

2. pas+sj1 2024-12-27 13:21:31
>>Zamico+uR
Ah yes, the closed doors of the World Wide Web Consortium.

https://lists.w3.org/Archives/Public/public-webauthn/

(nb. I'm not saying the folks were easy to work with or super open to discussion, but it was not some clandestine black kitchen where it was cooked up.)

3. lxgr+Qu1 2024-12-27 14:59:15
>>pas+sj1
The working group is definitely quite corporate-driven – just look at who's most active in it! – and has made some bad decisions in the past (my favorite example being [1], which effectively either breaks the hardware authenticator experience for passkeys or helps Yubico sell more/higher-capacity YubiKeys, depending on how you look at it).

But I agree that one thing you can't accuse them of is not operating in the open. While I don't agree with some of their decisions, discussing feedback in GitHub issues as well as on public mailing lists is probably as transparent as it gets.

[1] https://github.com/w3c/webauthn/issues/1822
