- From: soloturn via GitHub <sysbot+gh@w3.org>
- Date: Sun, 11 Apr 2021 19:11:23 +0000
- To: public-webauthn@w3.org
not understanding the discussion, i found some introduction here which describes the problem better: https://fy.blackhats.net.au/blog/html/2020/11/21/webauthn_userverificationpolicy_curiosities.html "In the meantime I swapped browsers from Firefox to Edge and started to notice some odd behaviour when logging into my corporate account - my yubikey began to ask me for my pin on every authentication, even though the key was registered to the corp servers without a pin. Yet the key kept working on Edge with a pin - and confusingly without a pin on Firefox. " and "Webauthn fully allows this. This is because user verification is a property of the request/response flow, not a property of the device. This creates some interesting side effects that become an opportunity for user confusion. (I was confused about what the behaviour was and I write a webauthn server and client library - imagine how other people feel …). " -- GitHub Notification of comment by soloturn Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1510#issuecomment-817357370 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 11 April 2021 19:11:25 UTC