Re: [webauthn] credentials.get() should have optional parameters for userVerification and userPresence from Akshay Kumar via GitHub on 2017-10-11 (public-webauthn@w3.org from October 2017)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Oct 2017 20:45:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-335942748-1507754739-sysbot+gh@w3.org>

Thinking more about this, doesn't silent signatures problematic as they leak information without user knowing? 

How does one make sure that, user has given consent the first time and then it can be used at later stage without user presence but no silent signatures without user consent at some earlier time?

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629#issuecomment-335942748 using your GitHub account

Received on Wednesday, 11 October 2017 20:45:42 UTC