Re: [webauthn] Divide Security/Privacy Considerations into subsections by audience? (#1039) from Bart via GitHub on 2019-06-16 (public-webauthn@w3.org from June 2019)

From: Bart via GitHub <sysbot+gh@w3.org>
Date: Sun, 16 Jun 2019 16:40:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-502467299-1560703227-sysbot+gh@w3.org>

One thing that confused me for a moment was the disconnect between these sections:
- https://www.w3.org/TR/webauthn/Overview.html#user-verification
- https://www.w3.org/TR/webauthn/Overview.html#sec-biometric-privacy

The biometric section covers only a subset of the user verification section, but it's much more easily found by skimming the table of contents. This may lead a casual reader to wonder whether only biometrics are done locally but a PIN is shared with the RP.

-- 
GitHub Notification of comment by bdewater
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1039#issuecomment-502467299 using your GitHub account

Received on Sunday, 16 June 2019 16:40:30 UTC