
Re: [webauthn] Return authentication method used for platform types (#1373)

From: gcbenjamin via GitHub <sysbot+gh@w3.org>
Date: Tue, 18 Feb 2020 05:09:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-587281522-1582002575-sysbot+gh@w3.org>
I think I see the confusion, well, I got confused and had to read it a few times. The WebAuthn spec says 

> The authenticator sets the authenticator extension output to be one or more user verification methods indicating the method(s) used by the user to authorize the operation, as defined below. This extension can be added to attestation objects and assertions

There's also a link through to the FIDO registry for UVMs [https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#user-verification-methods]. Reading this could maybe be interpreted as if the authenticator has the capability, set the flag.

> The USER_VERIFY constants are flags in a bitfield represented as a 32 bit long integer. They describe the methods and capabilities of an UAF authenticator for locally verifying a user. The operational details of these methods are opaque to the server. These constants are used in the authoritative metadata for an authenticator, reported and queried through the UAF Discovery APIs, and used to form authenticator policies in UAF protocol messages.

-- 
GitHub Notification of comment by gcbenjamin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1373#issuecomment-587281522 using your GitHub account
Received on Tuesday, 18 February 2020 05:09:37 UTC
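
Added example, not part of the original message or of the WebAuthn or FIDO documents: a relying-party-side decoder for the `uvm` extension output discussed above, which validates the entries and flags the case where one entry carries several USER_VERIFY bits. It assumes the output has already been CBOR-decoded into 1 to 3 arrays of three integers and uses the flag values from the FIDO Registry v2.0 section linked in the message; the function names and the sample values are constructed for illustration.

```javascript
// USER_VERIFY_* flags from the FIDO Registry v2.0 section linked in the message.
const USER_VERIFY = {
  PRESENCE: 0x001, FINGERPRINT: 0x002, PASSCODE: 0x004, VOICEPRINT: 0x008,
  FACEPRINT: 0x010, LOCATION: 0x020, EYEPRINT: 0x040, PATTERN: 0x080,
  HANDPRINT: 0x100, NONE: 0x200, ALL: 0x400,
};

// Split one userVerificationMethod value into named flags plus unknown bits.
// (Hypothetical helper name.)
function decodeUserVerify(value) {
  if (!Number.isInteger(value) || value < 0 || value > 0xffffffff) {
    throw new RangeError("userVerificationMethod must be a 32-bit unsigned integer");
  }
  const names = [];
  let unknown = value;
  for (const [name, bit] of Object.entries(USER_VERIFY)) {
    if ((value & bit) !== 0) {
      names.push(name);
      unknown = (unknown & ~bit) >>> 0; // clear the recognised bit
    }
  }
  return { names, unknown };
}

// Validate and decode a uvm output: 1 to 3 entries of
// [userVerificationMethod, keyProtection, matcherProtection].
function decodeUvm(uvm) {
  if (!Array.isArray(uvm) || uvm.length < 1 || uvm.length > 3) {
    throw new TypeError("uvm must be an array of 1 to 3 entries");
  }
  return uvm.map((entry, i) => {
    if (!Array.isArray(entry) || entry.length !== 3) {
      throw new TypeError(`uvm entry ${i} must have 3 elements`);
    }
    const [method, keyProtection, matcherProtection] = entry;
    const { names, unknown } = decodeUserVerify(method);
    // Several flags in one entry is the ambiguous case from the message
    // (methods used vs. capabilities); surface it for relying-party policy.
    return { names, unknown, multiple: names.length > 1, keyProtection, matcherProtection };
  });
}

// Constructed sample values, not captured from a real authenticator.
const sample = [[0x002, 0x02, 0x04], [0x006, 0x02, 0x04]];
console.log(JSON.stringify(decodeUvm(sample)));
```
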
