Re: [webauthn] continuous assertion (#1785)

> user presence and interaction is a really core part of how these devices work

Yes and no. At least CTAP2 actually can perform `getAssertion` without user presence (also called "silent authentication"), it's just that WebAuthn requires that browsers always set the "require UP" option. So we certainly _could_ devise a WebAuthn operation that, for example, an RP could call once a minute or so to get a silent assertion (but probably only after one with user presence).

But the use cases and specifics are quite muddy beyond that. The kind of integration with HTTP envisioned here seems closely related to ideas discussed in #1255, which so far haven't gained any traction either.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 2 August 2022 14:29:55 UTC