- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Thu, 13 Jun 2019 06:51:38 +0000
- To: public-webauthn@w3.org
Is `forbidden` about credential source or user verification? The original post is introducing `forbidden` instead of `discouraged` for credential source and the later discussion looks about UV. For require resident key option, why do we need `forbidden`? Is there any reasons for RP to only allow non-residential credential? Many of here understand that we don't need `forbidden` for rk. For UV, I know the intention for adding this where the RP doesn't need UV for the authentication. It's better to get motions from the authenticator vendors since this may affect their business. -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1149#issuecomment-501573306 using your GitHub account
Received on Thursday, 13 June 2019 06:51:39 UTC