W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication

From: binaryanomaly via GitHub <sysbot+gh@w3.org>
Date: Thu, 19 Apr 2018 17:55:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-382825740-1524160541-sysbot+gh@w3.org>

The reason why I propose this clarification is that because when I read the examples initially, I got the impression that this would work in a similar manner like "Google 2-Step Verification phone prompts" https://support.google.com/accounts/answer/7026266 but with Secure enclave / PKI technology protected by biometrics - which would be nice. This seems not to be the case though with the current version because we have "only" NFC, BLE and USB available.

I could imagine though that from an end-user perspective it could be an advantage to have the protocol also available via a combination of TCP/IP backchannel and (push) notifications? as a trigger since not every device has NFC, BLE and plugging in USB is also a bit tedious/physically constrained.
Webauthentication and CTAP seem to be generic enough that this extension could be possible on top of it. Having this standardized could leverage adoption since as of today you would have to do this custom for every OS where as a standard would scale better for implementation.

I realize the last part is maybe a bit OT. It could be a possible extension for a future version or an Extension as in Chapter 9 though?

GitHub Notification of comment by binaryanomaly
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/874#issuecomment-382825740 using your GitHub account
Received on Thursday, 19 April 2018 17:55:50 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC