Re: [webauthn] credentials.get() should have optional parameters for userVerification and userPresence from Emil Lundberg via GitHub on 2017-10-13 (public-webauthn@w3.org from October 2017)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Oct 2017 20:45:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-336562904-1507927539-sysbot+gh@w3.org>

@idamlaj Silent credential creation has been rejected before for precisely the reason you describe, but what's described here is specifically the authentication operation. Ad trackers thus won't be able to silently create credentials. There's also been talk of applying the same origin policy here as well, but I'm not sure where we currently stand on that.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629#issuecomment-336562904 using your GitHub account

Received on Friday, 13 October 2017 20:45:42 UTC