[webauthn] be explict about "same user" is verified at get() time as was verified at create() time from =JeffH via GitHub on 2017-06-07 (public-webauthn@w3.org from June 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 07 Jun 2017 23:18:26 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-234369452-1496877505-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== be explict about "same user" is verified at get() time as was verified at create() time ==
this may involve some changes to the two main algorithms, and definitely should be mentioned in the user verification definition.  as @jyasskin notes in PR #460:
> Even if the authenticator can "distinguish individual users", it needs to record which user authorized create() and only sign credentials when the same user authorizes a get() call.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/493 using your GitHub account

Received on Wednesday, 7 June 2017 23:18:32 UTC