Talk:WebAuthn

Excessively amalgamated "such as"
WebAuthn is designed so that it can work with a range of public-key authenticator mechanisms, from pure software implementations to those using specialized hardware environments, such as a processor's trusted execution environment, a Trusted Platform Module, or an external hardware token accessed via USB, Bluetooth Low Energy, or near-field communications (NFC).

The "such as" list does not adequately declare itself on the range from "pure software" to "specialized hardware".

Expects can probably puzzle this out in 15 s. That is not the target audience for the lead passage. &mdash; MaxEnt 14:34, 10 September 2018 (UTC)


 * I think you are right, this is not as easily readable as it should be. I'm going to re-phrase this. --Karol Babioch (talk) 18:36, 9 October 2018 (UTC)


 * I finally managed to re-phrase the whole introduction. Hopefully it is better understandable now. Let me know what you think of it. --Karol Babioch (talk) 20:28, 11 October 2018 (UTC)

Avoid long summaries
Title says it all. For details, see: WP:SUMMARYNO. Thanks. Tom Scavo (talk) 13:37, 6 March 2019 (UTC)

Overview added
The article is under construction. A number of round trips are required. Thanks for your patience. Tom Scavo (talk) 15:26, 6 March 2019 (UTC)


 * Basic content added. It would be nice if the terms linked to the W3C WebAuthn glossary but I don't know how to do that. May have to link to the glossary itself (and let the reader navigate further). Tom Scavo (talk) 16:18, 6 March 2019 (UTC)


 * Okay, I've reached a stopping point (have at it). A few notes:
 * Please don't link to the Authenticator topic (since it's a mess). I'm working on a complete rewrite of the Authenticator topic but this will take awhile.
 * Concrete examples of software authenticator and platform authenticator are needed. Web citations are required in each case.
 * If you know of an authoritative citation that justifies the last paragraph in the WebAuthn section, please add it. Published articles only, please. We don't want to start a flame war :-) Tom Scavo (talk) 16:29, 6 March 2019 (UTC)

Biometrics
I believe the last paragraph is accurate. I was tempted to write "users are uniformly apprehensive of biometrics" (or something like that) but that would be even more contentious, I know. Clearly the last paragraph needs at least one authoritative citation (see above). Tom Scavo (talk) 18:11, 6 March 2019 (UTC)


 * I added a couple of citations re biometrics (both from Duo Security) but I still think a published reference is needed. Surely someone has already done this research. Tom Scavo (talk) 17:02, 8 March 2019 (UTC)

Support
IMO, the WebAuthn section should cover browsers and relying parties only, no authenticators. Alternatively, the latter could be listed on the forthcoming Draft:Authenticator page instead. I added a table to that page along with a bit of content to illustrate. Comments? Tom Scavo (talk) 17:31, 8 March 2019 (UTC)