Re: [webauthn] Clarify relation between requireUserVerification values for MakeCredential and GetAssertion (#1305) from Adam Langley via GitHub on 2019-10-02 (public-webauthn@w3.org from October 2019)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Oct 2019 19:38:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-537647197-1570045118-sysbot+gh@w3.org>

From the call of 2019-10-02: seems that we should remove the referenced note as it's not the case that we can ensure that the same human who is verified at assertion time is the human who registered a credential.

We may also want clarity on the behaviour of mismatched UV at registration and assertion time.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1305#issuecomment-537647197 using your GitHub account

Received on Wednesday, 2 October 2019 19:38:41 UTC