W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] credentials.get() should have optional parameters for userVerification and userPresence

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Oct 2017 22:44:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-336584422-1507934658-sysbot+gh@w3.org>
By `UVNotRequired` proposal, RP can decide different authorization levels for user depending upon whether the signature contains UV bit or not for future not plugged in/TAP authenticators default behaviour. I am referring to a case where RP kind of says, tell me what you have and I will decide whether whether I will allow it or not and to what level.

With `UVRequired`, RP has to decide before hand what it wants which it can't do without knowing user/authenticator and will not be able to support different behavior.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629#issuecomment-336584422 using your GitHub account
Received on Friday, 13 October 2017 22:44:20 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC