Re: [webauthn] #getAssertion alg needs to pass authenticator selection requirements to authenticatorGetAssertion operation from Emil Lundberg via GitHub on 2017-10-25 (public-webauthn@w3.org from October 2017)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Oct 2017 14:15:32 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-339344258-1508940930-sysbot+gh@w3.org>

Actually it looks intentional to me - [§5.4.4 Authenticator Selection Criteria][spec] reads:

>**requireUserVerification**
>[...] If the parameter is set to true, the authenticator MUST perform user verification when performing the `create()` operation and future §5.1.4 Use an existing credential to make an assertion operations when it is requested to verify the credential.

Note the _and future "make an assertion" operations_.

[spec]: https://w3c.github.io/webauthn/#authenticatorSelection

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/644#issuecomment-339344258 using your GitHub account

Received on Wednesday, 25 October 2017 14:15:35 UTC