W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2022

Re: [webauthn] continuous assertion (#1785)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 Aug 2022 14:29:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1202697856-1659450591-sysbot+gh@w3.org>
> user presence and interaction is a really core part of how these devices work

Yes and no. At least CTAP2 actually can perform `getAssertion` without user presence (also called "silent authentication"), it's just that WebAuthn requires that browsers always set the "require UP" option. So we certainly _could_ devise a WebAuthn operation that, for example, an RP could call once a minute or so to get a silent assertion (but probably only after one with user presence).

But the use cases and specifics are quite muddy beyond that. The kind of integration with HTTP envisioned here seems closely related to ideas discussed in #1255, which so far haven't gained any traction either.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1785#issuecomment-1202697856 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 2 August 2022 14:29:55 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 2 August 2022 14:29:56 UTC