[webauthn] Revised txAuthSimple extension (#2022)

rlin1 has just created a new issue for https://github.com/w3c/webauthn:

== Revised txAuthSimple extension ==
With the original txAuthSimple extension included in WebAuthn-Level 1 (https://www.w3.org/TR/webauthn-1/#sctn-simple-txauth-extension), the authenticator could display transaction text.

With secure payment confirmation (SPC) the browser can be used to show payment details and use an authenticator to approve the payment.  But there is no way to show and approve non-payment transactions.

The challenge is to ensure the transaction text was visible to the user and to return evidence of this to the RP.

## Proposed Change

The revised txAuthSimple extension allows the browser or the authenticator to display the transaction text (string) and reflect that in the WebAuthn assertion. The previous version (included in WebAuthn-Level 1) always required the authenticator to display it - practically preventing traditional security keys from being used in such a context.

Exemplary use cases are: 
a) ability to move money from one account to another
b) share health data with hospitals


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2022 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 February 2024 10:41:02 UTC