W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

[webauthn] credentials.get() should have optional parameters for userVerification and userPresence

From: balfanz via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Oct 2017 20:32:43 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-264726173-1507753948-sysbot+gh@w3.org>
balfanz has just created a new issue for https://github.com/w3c/webauthn:

== credentials.get() should have optional parameters for userVerification and userPresence ==
When requesting an assertion from an Authenticator in `credentials.get()`, the RP should be able to specify whether a test of user presence is required, whether user verification is required, or whether neither is required (a "silent signature").

By default (i.e., when not mentioning either user verification or test of user presence), it should be assumed that test of user presence is required.

Proposal 1:
have a parameter `userPresence` with values `test`, `verify`, `none`, with default value `test`.

Proposal 2:
have two parameters:
- boolean parameter `requireUserVerification`, default value `false`
- boolean parameter `requireUserPresence`, default value `true`

Note that in this case, the combination `requireUserVerification = true` and `requireUserPresence = false` is invalid.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629 using your GitHub account
Received on Wednesday, 11 October 2017 20:32:31 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC