Re: [webauthn] Clarify relationships between "uv"/"up" of the CTAP spec and "userVerification"/"userPresence" (#1123) from Emil Lundberg via GitHub on 2018-12-18 (public-webauthn@w3.org from December 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 18 Dec 2018 11:50:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-448194709-1545133819-sysbot+gh@w3.org>

I agree this is suboptimal as currently written. As I recall, the construction of "Let _userPresence_ be a Boolean value set to the inverse of _userVerification_" was done in order to [align WebAuthn with CTAP][1] and get the desired behaviour, but looking back now at the CTAP archives it seems like I might just have misinterpreted those CTAP consent collection steps as exclusive branches instead of sequential steps.

>I will suggest we change the WebAuthN spec to:
"Let _userPresence_ be a Boolean value set to the inverse of _userVerification_." => "Let _userPresence_ be true."

I support this suggestion, but I think we probably can't do this before L2.

[1]: https://github.com/w3c/webauthn/pull/672#issue-150847119

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1123#issuecomment-448194709 using your GitHub account

Received on Tuesday, 18 December 2018 11:50:26 UTC