Re: [webauthn] First factor authenticator selection from =JeffH via GitHub on 2017-10-16 (public-webauthn@w3.org from October 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Oct 2017 21:58:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337055962-1508191089-sysbot+gh@w3.org>

So, at [#createCredential](https://w3c.github.io/webauthn/#createCredential) (aka `navigator.credentials.create()` aka `[[Create]]`) time, the RP will need to set both `options.authenticatorSelection.requireResidentKey` and `options.authenticatorSelection.requireUserVerification` to `true` in order to stipulate use of a first-factor (aka "passwordless") authenticator, yes? 

this is because by definition a first-factor authenticator is one that is capable of [user verification](https://w3c.github.io/webauthn/#user-verification). 

It will be helpful to address issue #422 and get the authenticator taxonomy formally defined. 


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/640#issuecomment-337055962 using your GitHub account

Received on Monday, 16 October 2017 21:58:11 UTC