W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] Transaction authorization extensions are registration and authentication extension?

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Tue, 10 Oct 2017 12:51:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-335461886-1507639854-sysbot+gh@w3.org>
Yes, transaction confirmation in UAF is extended authentication operation. 
See followings description in UAF spec.

> UAF supports both methods; they are called "Authentication" and "Transaction Confirmation". The technical difference is, that with Authentication the user confirms a random challenge, where in the case of Transaction Confirmation the user also confirms a human readable content, i.e. the contract. >From a security point, in the case of authentication the application needs to be trusted as it performs any action once the authenticated communication channel has been established. In the case of Transaction Confirmation only the transaction confirmation display component implementing WYSIWYS needs to be trusted, not the entire application.


-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/621#issuecomment-335461886 using your GitHub account
Received on Tuesday, 10 October 2017 12:50:59 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC