- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Mon, 08 Aug 2016 07:35:33 +0000
- To: public-webauthn@w3.org
@rlin - Not all authenticators do dynamic update of biometric reference data, but there are a significant number that do. Even in the absence of dynamic update, some corner cases arise. For example, consider a user who has enrolled a particular finger and been using it, and then decided to delete and redo the enrollment (perhaps because it is not working so well any more). The system has no way of knowing this is exactly the same finger from the biometric reference data alone (since this will be slightly different each time the enrollment is done). Perhaps it is okay in such corner cases to fail closed - i.e. if any disruptive change happens in the reference data, the authenticator just changes the UVI instead of trying to tell whether the change was benign.

I guess I'm mostly unsure about what the RP should do in this case, and how the issue gets remediated. For instance, in case of a UVI mismatch, does the RP ask the user to proof up? What happens the next time the user comes in with the "new" UVI? These are all RP questions of course, but it would be nice to think through one plausible flow.

At a higher level still, I'm still not sure how to ensure this does not become a way for the authenticator to pass 32 bytes of whatever it wants to the RP, since the client has no way to tell if the value returned by the authenticator is a UVI or, say, an encrypted GPS coordinate. In this regard UVM seems more tractable.

--
GitHub Notification of comment by vijaybh
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/156#issuecomment-238162167 using your GitHub account
Received on Monday, 8 August 2016 07:35:53 UTC
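The "one plausible flow" the comment asks for, written out as an added example that is not part of the original message, the WebAuthn specification, or any RP's code. It models the relying-party side only: a credential record keeps the last accepted UVI; a matching UVI is allowed through, a changed UVI forces a step-up ("proof up") before the new value replaces the old one, so the next visit with the "new" UVI matches cleanly, and the old value reappearing later is treated as just another change. The 32-byte limit, the `CredentialRecord` fields, and the `evaluate_uvi` / `complete_step_up` names are assumptions made for the example; as the comment notes, the RP can check only the length of the value, not whether it is really a UVI.

```python
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Assumed from the comment's "32 bytes": the RP can bound the length of the
# opaque extension output, but cannot tell what the bytes actually encode.
UVI_MAX_LEN = 32


@dataclass
class CredentialRecord:
    """Per-credential state kept by the RP (hypothetical schema)."""
    credential_id: bytes
    uvi: Optional[bytes] = None          # last UVI the RP accepted
    pending_uvi: Optional[bytes] = None  # changed UVI awaiting step-up


@dataclass
class Decision:
    action: str   # "allow", "step_up" or "reject"
    reason: str


def evaluate_uvi(record: CredentialRecord, presented: Optional[bytes]) -> Decision:
    """Compare the UVI from an assertion against the stored one.

    A missing extension output is not a mismatch (the extension is optional),
    a malformed value is rejected, a first value is simply recorded, and a
    changed value is parked in pending_uvi until the user proofs up.
    """
    if presented is None:
        return Decision("allow", "no uvi extension output; nothing to compare")
    if not isinstance(presented, bytes) or not 0 < len(presented) <= UVI_MAX_LEN:
        return Decision("reject", "malformed uvi output")
    if record.uvi is None:
        record.uvi = presented
        return Decision("allow", "first uvi seen for this credential; recorded")
    # Constant-time compare: the value is opaque, but it is still a secret-ish
    # identifier tied to the user's biometric enrollment.
    if hmac.compare_digest(presented, record.uvi):
        record.pending_uvi = None
        return Decision("allow", "uvi matches stored value")
    record.pending_uvi = presented
    return Decision("step_up", "uvi changed; require proof up before accepting")


def complete_step_up(record: CredentialRecord, succeeded: bool) -> str:
    """Resolve a pending UVI change after the step-up challenge finishes.

    Fail closed: only a successful step-up rotates the stored UVI, so an
    unexplained change never becomes the new baseline by itself.
    """
    if record.pending_uvi is None:
        return "nothing pending"
    if succeeded:
        record.uvi = record.pending_uvi
        record.pending_uvi = None
        return "uvi rotated"
    record.pending_uvi = None
    return "step-up failed; uvi unchanged"


def run_scenario() -> List[str]:
    """Walk through enrollment, a re-enrolled finger, step-up and the next visit.

    The UVI values are constructed sample data, not output of any authenticator.
    """
    rec = CredentialRecord(credential_id=b"cred-1")
    uvi_a = b"\x01" * 32   # original enrollment
    uvi_b = b"\x02" * 32   # same finger, deleted and re-enrolled
    trace = []
    trace.append(evaluate_uvi(rec, uvi_a).action)          # first sighting: allow
    trace.append(evaluate_uvi(rec, uvi_a).action)          # steady state: allow
    trace.append(evaluate_uvi(rec, uvi_b).action)          # re-enrollment: step_up
    trace.append(complete_step_up(rec, succeeded=True))    # proofed up: rotate
    trace.append(evaluate_uvi(rec, uvi_b).action)          # next visit: allow
    trace.append(evaluate_uvi(rec, uvi_a).action)          # old value again: step_up
    trace.append(complete_step_up(rec, succeeded=False))   # not proofed up: keep uvi_b
    trace.append(evaluate_uvi(rec, b"x" * 33).action)      # over the size bound: reject
    return trace


if __name__ == "__main__":
    for step in run_scenario():
        print(step)
```

The flow deliberately never tries to decide whether a change was benign; that judgement is pushed to the step-up, which is the only thing the RP can actually verify. Whether a failed step-up should also lock the credential, or how many changes in a row are tolerable, are policy choices the example leaves open.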