- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 07 Feb 2019 22:50:57 +0000
- To: public-webauthn@w3.org
wrt @selfissued's https://github.com/w3c/webauthn/issues/1123#issuecomment-460800238: to try to clarify and set context: not supporting "silent authn" (i.e., a webauthn [authn ceremony](https://w3c.github.io/webauthn/#authentication-ceremony) lacking any user interaction) in webauthn (i.e., "on the _Web_" specifically, i.e., above the authenticator API (e.g., [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html)) layer) has historically been justified on a _privacy_ basis. See the discussion regarding use cases and issues [here](https://github.com/w3c/webauthn/issues/199#issuecomment-341610771), and [here](https://github.com/w3c/webauthn/issues/199#issuecomment-341652447), and [here](https://github.com/w3c/webauthn/issues/199#issuecomment-431828344) from issue #199. AFAICT, [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) presently implicitly supports so-called "silent authentication" if [`authenticatorGetAssertion`](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#authenticatorGetAssertion) is called with both `uv=false` and `up=false`. What might be the IOT-specific use cases ? Might they be addressed at the authenticator API level (e.g., [CTAP](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html)) and not at the Web level? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1123#issuecomment-461625369 using your GitHub account
Received on Thursday, 7 February 2019 22:50:58 UTC