W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2018

Re: [webauthn] clarification of UP/UV flags in authenticator data structure

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Nov 2018 12:03:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-437855206-1542024220-sysbot+gh@w3.org>
Thanks for your proposal! I agree this is worthwhile clarifying, but I think it needs to be formulated differently to not open more opportunities for misunderstandings. With your proposal, the paragraph reads:

>The `UP` flag SHALL be set if and only if the authenticator detected a user through an authenticator specific gesture. The `RFU` bits SHALL be set to zero. The `UV` and `UP` flags MAY both be set if the authenticator verified a user.

This could be interpreted to mean that if the authenticator performed user verification, then it MAY set the `UV` flag. This should be that the `UV` flag MUST be set in that case, but that `UP` and `UV` MAY both be set at the same time. I'll draft an alternative proposal with reformulations to that effect.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1108#issuecomment-437855206 using your GitHub account
Received on Monday, 12 November 2018 12:03:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:35 UTC