- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 21 Mar 2018 19:46:50 +0000
- To: public-webauthn@w3.org
emlun has just created a new issue for https://github.com/w3c/webauthn:

== RP UP verification instruction is weird ==

[§7.1. Registering a new credential][reg] currently reads (and §7.2. Verifying an authentication assertion is analogous):

>10. If user verification is required for this registration, verify that the User Verified bit of the `flags` in _authData_ is set.
>11. If user verification is not required for this registration, verify that the User Present bit of the `flags` in _authData_ is set.

This results in the following truth table:

```
UV req.     | UP req? | UV res. | UP res. | Accept?
------------+---------+---------+---------+--------
discouraged | Yes     | 0       | 0       | No
discouraged | Yes     | 0       | 1       | Yes
discouraged | Yes     | 1       | 0       | No
discouraged | Yes     | 1       | 1       | Yes
preferred   | Yes     | 0       | 0       | No
preferred   | Yes     | 0       | 1       | Yes
preferred   | Yes     | 1       | 0       | No
preferred   | Yes     | 1       | 1       | Yes
required    | No      | 0       | 0       | No
required    | No      | 0       | 1       | No
required    | No      | 1       | 0       | Yes
required    | No      | 1       | 1       | Yes
```

Note, for example, how UV `preferred` means that a response with `(UV=1, UP=0)` should be rejected. It would make more sense to let the UP requirement be defined by the UV _response_ instead of the UV _requirement_:

```
UV req.     | UV res. | UP req? | UP res. | Accept?
------------+---------+---------+---------+--------
discouraged | 0       | Yes     | 0       | No
discouraged | 0       | Yes     | 1       | Yes
discouraged | 1       | No      | 0       | Yes
discouraged | 1       | No      | 1       | Yes
preferred   | 0       | Yes     | 0       | No
preferred   | 0       | Yes     | 1       | Yes
preferred   | 1       | No      | 0       | Yes
preferred   | 1       | No      | 1       | Yes
required    | 0       | Yes     | 0       | No
required    | 0       | Yes     | 1       | No
required    | 1       | No      | 0       | Yes
required    | 1       | No      | 1       | Yes
```

[reg]: https://www.w3.org/TR/2018/CR-webauthn-20180320/#registering-a-new-credential

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/848 using your GitHub account
Received on Wednesday, 21 March 2018 19:46:58 UTC
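
The two truth tables in the message above, expressed as Relying Party checks and compared over every input. This is an added example, not part of the original message or the specification; the function names and the sample authData buffers are constructed for illustration, and the flag positions assume the standard authData layout (32-byte rpIdHash, then one flags byte with UP at bit 0 and UV at bit 2).

```javascript
// Added example: function names and sample authData are constructed for illustration.

const FLAG_UP = 0x01; // bit 0 of the authData flags byte: User Present
const FLAG_UV = 0x04; // bit 2 of the authData flags byte: User Verified

// authData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
function parseFlags(authData) {
  if (authData.length < 37) throw new RangeError("authData shorter than 37 bytes");
  const flags = authData[32];
  return { up: (flags & FLAG_UP) !== 0, uv: (flags & FLAG_UV) !== 0 };
}

// Steps 10 and 11 as quoted: the UP check depends on the UV *requirement*.
function acceptCurrent(uvReq, { up, uv }) {
  return uvReq === "required" ? uv : up;
}

// Proposal from the issue: the UP check depends on the UV *response*.
function acceptProposed(uvReq, { up, uv }) {
  if (uvReq === "required" && !uv) return false; // UV demanded but not performed
  return uv || up; // UP is only checked when UV was not performed
}

// Constructed authData: zeroed rpIdHash and signCount, only the flags byte set.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  return buf;
}

// Enumerate all 12 table rows and return those where the two rules disagree.
function disagreements() {
  const rows = [];
  for (const uvReq of ["discouraged", "preferred", "required"]) {
    for (const bits of [0, FLAG_UP, FLAG_UV, FLAG_UV | FLAG_UP]) {
      const f = parseFlags(sampleAuthData(bits));
      const current = acceptCurrent(uvReq, f);
      const proposed = acceptProposed(uvReq, f);
      if (current !== proposed) rows.push({ uvReq, uv: f.uv, up: f.up, current, proposed });
    }
  }
  return rows;
}

console.log(disagreements());
```

The only rows that differ are `(UV=1, UP=0)` under `discouraged` and `preferred`, which the quoted steps reject and the proposal accepts.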