W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2020

Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Mon, 02 Nov 2020 04:11:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-720225714-1604290285-sysbot+gh@w3.org>
residentKey doesn't provide uv=preferred though, that's unrelated. This is however as you say, about the password-less (the token provides the MFA capabilities) and the traditional token + pw scenario. And today the spec can't handle that, but if there is a credProps extension that *is* able to do per-authenticator user verification policies that would certainly work. Is this something that credProps can provide, or is this an opportunity to suggest that credProps should have a UV flag associated? 

At the moment I think I will have to have some UI/UX work around for this, but yes, I'd really like the situation of password-less + MFA considered. :) 

Thanks, 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1510#issuecomment-720225714 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 2 November 2020 04:11:27 UTC

This archive was generated by hypermail 2.4.0 : Monday, 2 November 2020 04:11:28 UTC