Re: [webauthn] Authentication through only what you are (#1728)

There isn't a way to request a particular kind of UV, but there is the [`uvm` extension](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-uvm-extension) which, if the authenticator supports it, can report after the fact what kind of UV was performed. It may also be possible to use attestation to determine what kind of UV was done. You could then choose to reject assertions with an unsatisfactory UV method if you so wish.

But I would ask you this: _why_ do you want this? Do you, for example, have a legal requirement to only allow biometrics, or is it coming from just a gut feeling that "biometrics is better"? PINs do have their drawbacks, as you note, but biometrics have drawbacks too.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1728#issuecomment-1117542386 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 4 May 2022 16:12:28 UTC
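
The after-the-fact check described in the comment above, sketched as a relying-party policy function. This is an added example, not code from the comment or from the WebAuthn specification. It assumes the `uvm` output has already been decoded into an array of `[userVerificationMethod, keyProtectionType, matcherProtectionType]` triples (on a server, taken from the signed authenticator data rather than the unsigned client extension results), uses method flag values from the FIDO Registry of Predefined Values, and the names `checkUvm` and `BIOMETRIC_MASK` and the "every reported factor must be biometric" policy are assumptions.

```javascript
// User verification method flags (FIDO Registry of Predefined Values).
const USER_VERIFY = Object.freeze({
  PRESENCE_INTERNAL: 0x0001,
  FINGERPRINT_INTERNAL: 0x0002,
  PASSCODE_INTERNAL: 0x0004,
  VOICEPRINT_INTERNAL: 0x0008,
  FACEPRINT_INTERNAL: 0x0010,
  EYEPRINT_INTERNAL: 0x0040,
  PATTERN_INTERNAL: 0x0080,
  HANDPRINT_INTERNAL: 0x0100,
});

// Assumed policy: only these factors count as "what you are".
const BIOMETRIC_MASK =
  USER_VERIFY.FINGERPRINT_INTERNAL | USER_VERIFY.VOICEPRINT_INTERNAL |
  USER_VERIFY.FACEPRINT_INTERNAL | USER_VERIFY.EYEPRINT_INTERNAL |
  USER_VERIFY.HANDPRINT_INTERNAL;

const isUint = (n) => Number.isInteger(n) && n >= 0;

// uvm: decoded uvm extension output, or undefined when the authenticator
// did not report it. Returns { ok, reason?, method?, methods? }.
function checkUvm(uvm, allowedMask = BIOMETRIC_MASK) {
  if (uvm === undefined || uvm === null) {
    // Authenticator does not support uvm: the UV method is unknown.
    return { ok: false, reason: "uvm-not-reported" };
  }
  // The extension reports between one and three factors.
  if (!Array.isArray(uvm) || uvm.length < 1 || uvm.length > 3) {
    return { ok: false, reason: "uvm-malformed" };
  }
  for (const entry of uvm) {
    if (!Array.isArray(entry) || entry.length !== 3 || !entry.every(isUint)) {
      return { ok: false, reason: "uvm-malformed" };
    }
    const method = entry[0];
    // Reject if no method is set or any set bit is outside the allowed set.
    if (method === 0 || (method & ~allowedMask) !== 0) {
      return { ok: false, reason: "method-not-allowed", method };
    }
  }
  return { ok: true, methods: uvm.map((e) => e[0]) };
}

// Constructed sample values: fingerprint only, PIN only, fingerprint + PIN.
const SAMPLE_FINGERPRINT = [[0x0002, 0x0004, 0x0002]];
const SAMPLE_PIN = [[0x0004, 0x0004, 0x0002]];
const SAMPLE_BOTH = [[0x0002, 0x0004, 0x0002], [0x0004, 0x0004, 0x0002]];
```

An RP that applies this policy rejects every authenticator that does not implement `uvm`, since the method cannot be established for them.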