[webauthn] double check language regarding requiring authorization gesture (#1215)

• From: =JeffH via GitHub <sysbot+gh@w3.org>
• Date: Thu, 09 May 2019 17:48:06 +0000
• To: public-webauthn@w3.org
• Message-ID: <issues.opened-442355810-1557424084-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== double check language regarding requiring authorization gesture ==
given that we have the notions of [effective user verification requirement for credential creation](https://www.w3.org/TR/webauthn/#effective-user-verification-requirement-for-credential-creation) and [effective user verification requirement for assertion](https://www.w3.org/TR/webauthn/#effective-user-verification-requirement-for-assertion), we ought to grep thru the spec for places where  [authorization gesture ](https://www.w3.org/TR/webauthn/#authorization-gesture) is mention and ensure that it is being employed accurately. For example, in section [5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]](options) Method](https://www.w3.org/TR/webauthn/#getAssertion), there is this claim:  
> since this specification requires an authorization gesture to create any credentials,

..which I do not believe is true any longer.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1215 using your GitHub account

Received on Thursday, 9 May 2019 17:48:07 UTC