W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Consider dropping requirement for TUP on create()

From: balfanz via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Sep 2017 23:46:04 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-329638508-1505432755-sysbot+gh@w3.org>
I'm worried that the webauthn experience will be worse than existing mechanisms (TouchID, Fingerprints on Android) when addressing the same use cases. 

"Bypass your password next time you use this (web)app, and use your fingerprint instead" is such an existing use case. Today, users are used to just turn on this kind of feature, without having to show a test of user presence at that point.

re/ resident keys: any suggestions on how to address that? Resident keys on external Authenticators is a new use case, one where users don't have pre-conceived notions on how it should work.

-- 
GitHub Notification of comment by balfanz
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/564#issuecomment-329638508 using your GitHub account
Received on Thursday, 14 September 2017 23:45:58 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC