W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2019

Re: [webauthn] Browser capability detection. (#1219)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 11 Jun 2019 17:06:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-500935950-1560272800-sysbot+gh@w3.org>
As was discussed on recent WG calls, I think that `isUserVerificationSupported` is really getting at whether the client supports PIN entry - because on-authenticator UV such as a fingerprint scanner requires no special support from the client, and UV on a platform authenticator is supported if and only if `isUVPAA()` returns true.

However: suppose we rename `isUserVerificationSupported` to `isPinEntrySupported`. Is that actually useful to the RP? What if the user wants to use a biometric authenticator? Since there's no way for the RP to control whether to use PIN or other UV, won't the RP have to resort to `userVerification: "preferred"/"required"` anyway?

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1219#issuecomment-500935950 using your GitHub account
Received on Tuesday, 11 June 2019 17:06:44 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:37 UTC