You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For when we add a privacy considerations section to the spec, a property I believe is critical to capture is that an RP should be unable to learn if a matching credential is present or not until the user has given permission to allow the web site to access their wallet. This means, for example, that the UX of the no credential found case must be indistinguishable (eg. in terms of the occlusion and impact on web-observable input events) from the case where credentials are found.
See also #104 for a potential future way to mitigate the negative consequences of this principle.
The text was updated successfully, but these errors were encountered:
For when we add a privacy considerations section to the spec, a property I believe is critical to capture is that an RP should be unable to learn if a matching credential is present or not until the user has given permission to allow the web site to access their wallet. This means, for example, that the UX of the no credential found case must be indistinguishable (eg. in terms of the occlusion and impact on web-observable input events) from the case where credentials are found.
See also #104 for a potential future way to mitigate the negative consequences of this principle.
The text was updated successfully, but these errors were encountered: