Re: [webauthn] credentials.get() should have optional parameters for userVerification and userPresence from Akshay Kumar via GitHub on 2017-10-13 (public-webauthn@w3.org from October 2017)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Oct 2017 22:44:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-336584422-1507934658-sysbot+gh@w3.org>

By `UVNotRequired` proposal, RP can decide different authorization levels for user depending upon whether the signature contains UV bit or not for future not plugged in/TAP authenticators default behaviour. I am referring to a case where RP kind of says, tell me what you have and I will decide whether whether I will allow it or not and to what level.

With `UVRequired`, RP has to decide before hand what it wants which it can't do without knowing user/authenticator and will not be able to support different behavior.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/629#issuecomment-336584422 using your GitHub account

Received on Friday, 13 October 2017 22:44:20 UTC