Re: [webauthn] <new proposal> Extending WebAuthn Protocol for Remote Authentication (#1580)

@emlun 
Local authentication used as an alternative to passwords, but now there are many scenarios that go beyond passwords. For example, consider a user who logs on to a system by entering a user ID and password. The system uses the user ID to identify the user. The system authenticates the user at the time of logon by checking that the supplied password is correct. Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be. After years of work, we have replaced passwords authentication in many scenarios, while many scenarios require confirmation that we are real people. There are many identification applications for remote authentication. In that light, it's not enough for the authenticator to do verification locally. I'm not sure if you're aware of it or not.


-- 
GitHub Notification of comment by thedreamwork
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1580#issuecomment-804065471 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 22 March 2021 13:34:42 UTC