Merge pull request #1901 from w3c/tc-featdetc-ispaa

Add new isPasskeyPlatformAuthenticatorAvailable() method
w3c · Jul 12, 2023 · 5bd3dd1 · 5bd3dd1
2 parents e165bc1 + 8813987
commit 5bd3dd1
Showing 1 changed file with 33 additions and 6 deletions.
diff --git a/index.bs b/index.bs
@@ -1043,6 +1043,7 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
 : <dfn>Client-side discoverable Public Key Credential Source</dfn>
 : <dfn>Client-side discoverable Credential</dfn>
 : <dfn>Discoverable Credential</dfn>
+: <dfn>Passkey</dfn>
 : \[DEPRECATED] <dfn>Resident Credential</dfn>
 : \[DEPRECATED] <dfn>Resident Key</dfn>
 :: Note: Historically, [=client-side discoverable credentials=] have  been known as [=resident credentials=] or [=resident keys=].
@@ -2778,6 +2779,29 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic
 
 </div>
 
+### Availability of a [=passkey platform authenticator=] - PublicKeyCredential's `isPasskeyPlatformAuthenticatorAvailable()` Method ### {#sctn-isPasskeyPlatformAuthenticatorAvailable}
+
+<div link-for-hint="WebAuthentication/isPasskeyPlatformAuthenticatorAvailable">
+
+[=[WRPS]=] use this method to determine whether they can create a new [=passkey=] using a [=user-verifying platform authenticator=] or a {{AuthenticatorTransport/hybrid}} authenticator.
+Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the 
+availability of {{AuthenticatorTransport/hybrid}} transport.
+If one or both are discovered, the promise is resolved with the value of [TRUE].
+If neither is discovered, the promise is resolved with the value of [FALSE].
+Based on the result, the [=[RP]=] can take further actions to guide the user to create a [=passkey=].
+
+This method has no arguments and returns a Boolean value.
+
+<xmp class="idl">
+    partial interface PublicKeyCredential {
+        static Promise<boolean> isPasskeyPlatformAuthenticatorAvailable();
+    };
+</xmp>
+
+Note: Invoking this method from a [=browsing context=] where the [=Web Authentication API=] is "disabled" according to the [=allowed to use=] algorithm&mdash;i.e., by a [=permissions policy=]&mdash;will result in the promise being rejected with a {{DOMException}} whose name is "{{NotAllowedError}}". See also [[#sctn-permissions-policy]].
+
+</div>
+
 ### Deserialize Registration ceremony options - PublicKeyCredential's `parseCreationOptionsFromJSON()` Method ### {#sctn-parseCreationOptionsFromJSON}
 
 <div link-for-hint="WebAuthentication/parseCreationOptionsFromJSON">
@@ -4316,8 +4340,8 @@ For example:
 
 The above examples illustrate the primary <dfn>authenticator type</dfn> characteristics:
 
-- Whether the [=authenticator=] is a [=roaming authenticator|roaming=] or [=platform authenticator|platform=] authenticator
-    &mdash; the [=authenticator attachment modality=].
+- Whether the [=authenticator=] is a [=roaming authenticator|roaming=] or [=platform authenticator|platform=] authenticator,
+    or in some cases both &mdash; the [=authenticator attachment modality=].
     A [=roaming authenticator=] can support one or more [[#enum-transport|transports]] for communicating with the [=client=].
 - Whether the authenticator is capable of [=user verification=] &mdash; the [=authentication factor capability=].
 - Whether the authenticator is [=discoverable credential capable=] &mdash; the [=credential storage modality=].
@@ -4362,6 +4386,12 @@ lists and names some [=authenticator types=] of particular interest.
                 <td> [=client-side credential storage modality|Client-side storage=] </td>
                 <td> [=Multi-factor capable=] </td>
             </tr>
+            <tr>
+                <th> <dfn>Passkey platform authenticator</dfn> </th>
+                <td> [=platform attachment|platform=] ({{AuthenticatorTransport|transport}} = {{AuthenticatorTransport/internal}}) or [=cross-platform attachment|cross-platform=] ({{AuthenticatorTransport|transport}} = {{AuthenticatorTransport/hybrid}})</td>
+                <td> [=client-side credential storage modality|Client-side storage=] </td>
+                <td> [=Multi-factor capable=] </td>
+            </tr>
         </tbody>
     </table>
     <figcaption>
@@ -4383,13 +4413,10 @@ typically a PIN or [=biometric recognition=].
 The [=authenticator=] can thus act as two kinds of [=authentication factor=],
 which enables [=multi-factor=] authentication while eliminating the need to share a password with the [=[RP]=].
 
-The four combinations not named in <a href="#table-authenticatorTypes">Table <span class="table-ref-previous"/></a>
+The combinations not named in <a href="#table-authenticatorTypes">Table <span class="table-ref-previous"/></a>
 have less distinguished use cases:
 
 
-- The [=credential storage modality=] is less relevant for a [=platform authenticator=] than for a [=roaming authenticator=],
-    since users using a [=platform authenticator=] can typically be identified by a session cookie or the like
-    (i.e., ambient credentials).
 - A [=roaming authenticator=] that is [=discoverable credential capable=] but not [=multi-factor capable=]
     can be used for [=single-factor=] authentication without a username,
     where the user is automatically identified by the [=user handle=]