[webauthn] Location Extension and privacy from Yaron Sheffer via GitHub on 2016-09-17 (public-webauthn@w3.org from September 2016)

From: Yaron Sheffer via GitHub <sysbot+gh@w3.org>
Date: Sat, 17 Sep 2016 08:10:39 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-177563268-1474099836-sysbot+gh@w3.org>

yaronf has just created a new issue for 
https://github.com/w3c/webauthn:

== Location Extension and privacy ==
8.5: The Location Extension seems to conflict with privacy constraints
 in mobile operating systems, where a user can allow location 
information to each application. How do we allow the user to give 
consent to each RPID separately to access location data?
@vijaybh: Managing this is left up to the clients. Clients can strip 
this extension from sites that do not have permissions to location 
data.

I suggest to add Vijay's solution explicitly, e.g.: In many cases 
operating systems prevent applications from accessing the user's 
location information. If this is the case, the client MUST NOT forward
 this extension to the authenticator.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/208 using your GitHub account

Received on Saturday, 17 September 2016 08:10:54 UTC