W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2017

Re: [webauthn] User Verification definition needs to be refined

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Feb 2017 18:34:40 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-282368183-1487961279-sysbot+gh@w3.org>
IMO it would be better to say something like "In other words, user 
verification and use of credential private keys must occur within a 
single logical security boundary" so we do not write in assumptions 
about authenticator construction. For example, you could do the two 
operations under different ROEs with an authenticated secure channel 
between them.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/357#issuecomment-282368183 
using your GitHub account
Received on Friday, 24 February 2017 18:34:49 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:19 UTC