- From: Marc Bornträger via GitHub <sysbot+gh@w3.org>
- Date: Mon, 23 Oct 2017 08:39:52 +0000
- To: public-webauthn@w3.org
@emlun thanks for your input. I’m happy I finally found the right place 😄 I think you misunderstood my use case. I neither want to rely on fingerprints alone nor should they be sent to the server. On registration the server will only communicate with encrypted data (based on the fingerprint data) with the client. On this basis the actual fingerprint data never leaves the client. I also think the fingerprint should never be stored on the server itself. I like the idea from @jyasskin. Are there possibilities where it matters how the client was securerly authenticated? Or is any other auth way as good as fingerprint? I just see the benefit of usability of fingerprint/face recognition. Think it’s definitely worth mentioning somewhere -- GitHub Notification of comment by BorntraegerMarc Please view or discuss this issue at https://github.com/w3c/webauthn/issues/659#issuecomment-338587979 using your GitHub account
Received on Monday, 23 October 2017 08:40:00 UTC