Re: [webauthn] Biometric Criteria Extension from =JeffH via GitHub on 2018-02-05 (public-webauthn@w3.org from February 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 05 Feb 2018 17:53:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-363164933-1517853194-sysbot+gh@w3.org>

building on @emlun's fine suggestion, we perhaps ought to add a pointer to where one might obtain such metadata (as we have done elsewhere in the spec):
> If the client supports this extension, it MUST NOT use a biometric authenticator whose FAR or FRR is not certified by an authoritative source to match the bounds as provided. For example, the FIDO Metadata Service [FIDOMetadataService] provides one way to access such information.

I note in [FIDO Metadata Service](https://fidoalliance.org/specs/fido-uaf-v1.2-rd-20171128/fido-metadata-statement-v1.2-rd-20171128.pdf) section 3.3 "BiometricAccuracyDescriptor dictionary" that there is provision for conveying FAR, FRR, ERR, FAAR and other applicable metadata values. 



-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/510#issuecomment-363164933 using your GitHub account

Received on Monday, 5 February 2018 17:54:20 UTC