Re: [webauthn] Clarify relationships between "uv"/"up" of the CTAP spec and "userVerification"/"userPresence" (#1123)

I agree this is suboptimal as currently written. As I recall, the construction of "Let _userPresence_ be a Boolean value set to the inverse of _userVerification_" was done in order to [align WebAuthn with CTAP][1] and get the desired behaviour, but looking back now at the CTAP archives it seems like I might just have misinterpreted those CTAP consent collection steps as exclusive branches instead of sequential steps.

>I will suggest we change the WebAuthN spec to:
"Let _userPresence_ be a Boolean value set to the inverse of _userVerification_." => "Let _userPresence_ be true."

I support this suggestion, but I think we probably can't do this before L2.


GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 18 December 2018 11:50:26 UTC