
Re: [webauthn] Clarify relationships between "uv"/"up" of the CTAP spec and "userVerification"/"userPresence" (#1123)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Feb 2019 22:50:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-461625369-1549579842-sysbot+gh@w3.org>

wrt @selfissued's https://github.com/w3c/webauthn/issues/1123#issuecomment-460800238:

to try to clarify and set context: not supporting "silent authn" (i.e., a webauthn [authn ceremony](https://w3c.github.io/webauthn/#authentication-ceremony) lacking any user interaction) in webauthn (i.e., "on the _Web_" specifically, i.e., above the authenticator API (e.g., [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html)) layer) has historically been justified on a _privacy_ basis. See the discussion regarding use cases and issues [here](https://github.com/w3c/webauthn/issues/199#issuecomment-341610771), and [here](https://github.com/w3c/webauthn/issues/199#issuecomment-341652447), and [here](https://github.com/w3c/webauthn/issues/199#issuecomment-431828344) from issue #199.

AFAICT, [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) presently implicitly supports so-called "silent authentication" if [`authenticatorGetAssertion`](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#authenticatorGetAssertion) is called with both `uv=false` and `up=false`.

What might be the IOT-specific use cases? Might they be addressed at the authenticator API level (e.g., [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html)) and not at the Web level?

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1123#issuecomment-461625369 using your GitHub account
Received on Thursday, 7 February 2019 22:50:58 UTC
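
An added example, not part of the original message or of any project's code: one way a relying party can refuse a "silent" assertion of the kind discussed above, by inspecting the UP and UV flag bits in the WebAuthn authenticator data. The function names, the policy handling and the sample bytes are constructed for illustration.

```javascript
// Authenticator data layout (WebAuthn):
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified

// Hypothetical helper: pull out the fields the interaction check needs.
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  return {
    rpIdHash: bytes.slice(0, 32),
    up: (flags & FLAG_UP) !== 0,
    uv: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Hypothetical helper: userVerification is the RP's own policy value
// ("required", "preferred" or "discouraged").
function checkUserInteraction(authData, userVerification) {
  const { up, uv } = parseAuthenticatorData(authData);
  if (!up && !uv) return { ok: false, reason: "silent assertion: neither UP nor UV set" };
  if (!up) return { ok: false, reason: "UP flag not set" };
  if (userVerification === "required" && !uv) {
    return { ok: false, reason: "UV required but not set" };
  }
  return { ok: true, reason: "ok" };
}

// Constructed sample data: the 32-byte rpIdHash is filler, not a real SHA-256.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes.fill(0xab, 0, 32);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

for (const [flags, policy] of [[0x00, "discouraged"], [0x01, "required"], [0x05, "required"]]) {
  const result = checkUserInteraction(sampleAuthData(flags, 7), policy);
  console.log(`flags=0x${flags.toString(16).padStart(2, "0")} policy=${policy}:`, result.reason);
}
```

This check only covers the flag bits; it is meaningful only after the assertion signature over the authenticator data has been verified.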
