Re: [webauthn] Public Key Infrastructures and Web Authentication from =JeffH via GitHub on 2017-10-18 (public-webauthn@w3.org from October 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 18 Oct 2017 19:13:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337698216-1508354033-sysbot+gh@w3.org>

scnario (1) in https://github.com/w3c/webauthn/issues/521#issue-248130789 is begging the question of "level of assurance (LOA)". Please see NIST SP-800-63-3 "Digital Identity Guidelines".

"identity" is out-of-scope for webauthn. we are just doing peer-entity authentication.  Whether a user "name" attribute supplied by a webauthn relying party (RP) during a registration ceremony has any assurance of "officialness" is the responsibility of said RP.  This is intersecting with webauthn but orthogonal.  Closing this issue. 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/521#issuecomment-337698216 using your GitHub account

Received on Wednesday, 18 October 2017 19:13:55 UTC