W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2019

Re: [webauthn] Requiring user gesture to call WebAuthn API (#1293)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Sep 2019 08:21:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-528255779-1567671688-sysbot+gh@w3.org>
Some clarifying questions:
1. You referring to the UI rendered by the platforms (Browser/OS) as opposed to the UI rendered by the relying party, correct?
2. What do you mean with "user gesture restriction" (restricting the number of dialogs, or restricting the user gesture to a specific modality like Fingerprint, or something different)?  

Today, Firefox on Windows 10 will only trigger the Windows dialog for prompting the user gesture and selecting the modality.  Chrome on Windows will 
a) ask the user to confirm credential creation
b) trigger the Windows dialog for prompting the user gesture and selecting the modality
c) ask the user to accept "direct attestation" conveyance if that was select by the relying party.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1293#issuecomment-528255779 using your GitHub account
Received on Thursday, 5 September 2019 08:21:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:07 UTC