Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510) from Firstyear via GitHub on 2021-01-21 (public-webauthn@w3.org from January 2021)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Jan 2021 04:31:10 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-764273930-1611203469-sysbot+gh@w3.org>

> I truly believe the fundamental issue here is not with the specification's semantics, but with false assumptions.

Okay. In that case, please tell me how I can issue a webauthn authentication challenge to a client, where they have:

* A yubikey as a single factor, unverified device, and a password to be issued after
* A touchid factor, which is a verified authenticator that is sufficient to authenticate. 



-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1510#issuecomment-764273930 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 21 January 2021 05:05:00 UTC