W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2017

Re: [webauthn] Public Key Infrastructures and Web Authentication

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 18 Oct 2017 19:13:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337698216-1508354033-sysbot+gh@w3.org>
scnario (1) in https://github.com/w3c/webauthn/issues/521#issue-248130789 is begging the question of "level of assurance (LOA)". Please see NIST SP-800-63-3 "Digital Identity Guidelines".

"identity" is out-of-scope for webauthn. we are just doing peer-entity authentication.  Whether a user "name" attribute supplied by a webauthn relying party (RP) during a registration ceremony has any assurance of "officialness" is the responsibility of said RP.  This is intersecting with webauthn but orthogonal.  Closing this issue. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/521#issuecomment-337698216 using your GitHub account
Received on Wednesday, 18 October 2017 19:13:55 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC