W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] First factor authenticator selection

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Oct 2017 21:58:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337055962-1508191089-sysbot+gh@w3.org>
So, at [#createCredential](https://w3c.github.io/webauthn/#createCredential) (aka `navigator.credentials.create()` aka `[[Create]]`) time, the RP will need to set both `options.authenticatorSelection.requireResidentKey` and `options.authenticatorSelection.requireUserVerification` to `true` in order to stipulate use of a first-factor (aka "passwordless") authenticator, yes? 

this is because by definition a first-factor authenticator is one that is capable of [user verification](https://w3c.github.io/webauthn/#user-verification). 

It will be helpful to address issue #422 and get the authenticator taxonomy formally defined. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/640#issuecomment-337055962 using your GitHub account
Received on Monday, 16 October 2017 21:58:11 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC