- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 10 Oct 2017 12:51:09 +0000
- To: public-webauthn@w3.org
Yes, transaction confirmation in UAF is extended authentication operation. See followings description in UAF spec. > UAF supports both methods; they are called "Authentication" and "Transaction Confirmation". The technical difference is, that with Authentication the user confirms a random challenge, where in the case of Transaction Confirmation the user also confirms a human readable content, i.e. the contract. >From a security point, in the case of authentication the application needs to be trusted as it performs any action once the authenticated communication channel has been established. In the case of Transaction Confirmation only the transaction confirmation display component implementing WYSIWYS needs to be trusted, not the entire application. -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/621#issuecomment-335461886 using your GitHub account
Received on Tuesday, 10 October 2017 12:50:59 UTC