Re: [webauthn] Clarify the need for truly randomly generated challenges (#1856)

@emlun In my current implementation, I have in fact made challenges for conditional mediation unbounded in time. I think it would be quite weird if the login-prompt mysteriously stopped working just because the user leaves it alone for 15 minutes, and I would assume that that's what the link I referred to above means when it says "This is because removing the credentials from the autofill list at an arbitrary time would make for poor UX".

With this information in hand, I can see that challenge lifetimes should perhaps not be unbounded, but I'd be hard pressed to see that they should be shorter than a day, and that seems like the least I could imagine. It is hardly strange to imagine a user leaving a log-in prompt dangling for a day, especially if you consider potential "passive" log-in prompts that are simply part of other pages but not necessarily expected to be used.

-- 
GitHub Notification of comment by dolda2000
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1856#issuecomment-1438495810 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 21 February 2023 13:30:29 UTC
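The comment above argues about how long a relying party should keep a conditional-mediation challenge valid. As an added illustration (not code from the webauthn spec, the issue author, or any project), here is a minimal server-side challenge store that issues random challenges with a per-mediation lifetime, accepts each challenge exactly once, and checks the challenge echoed back in `clientDataJSON`. The lifetime values, the `ChallengeStore` class and the `mediation` argument are assumptions made for this example; the only spec-derived facts used are that the challenge must come from a cryptographically secure random source and is transmitted base64url-encoded in `clientDataJSON`.

```python
import base64
import json
import secrets
import time

# Assumed lifetimes for this example. The thread debates whether conditional
# mediation challenges should be unbounded or capped at roughly a day; an
# interactive (modal) ceremony can be much shorter because the user is present.
TTL_MODAL_SECONDS = 5 * 60
TTL_CONDITIONAL_SECONDS = 24 * 60 * 60


def encode_challenge(challenge: bytes) -> str:
    """base64url without padding, as the browser places it in clientDataJSON."""
    return base64.urlsafe_b64encode(challenge).rstrip(b"=").decode("ascii")


def decode_challenge(encoded: str) -> bytes:
    """Inverse of encode_challenge; re-adds padding before decoding."""
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


class ChallengeStore:
    """Hypothetical relying-party store: issue once, consume once, expire by TTL."""

    def __init__(self, now=time.time):
        # Injectable clock so behaviour can be checked without sleeping.
        self._now = now
        self._pending = {}  # challenge bytes -> (issued_at, ttl_seconds)

    def issue(self, mediation: str = "modal") -> bytes:
        ttl = TTL_CONDITIONAL_SECONDS if mediation == "conditional" else TTL_MODAL_SECONDS
        # 32 bytes from the CSPRNG; the spec requires at least 16 random bytes.
        challenge = secrets.token_bytes(32)
        self._pending[challenge] = (self._now(), ttl)
        return challenge

    def consume(self, challenge: bytes) -> bool:
        # pop() makes the challenge single-use: a replayed response is refused
        # even if it arrives inside the TTL window.
        entry = self._pending.pop(challenge, None)
        if entry is None:
            return False
        issued_at, ttl = entry
        return self._now() - issued_at <= ttl

    def consume_client_data(self, client_data_json: str) -> bool:
        """Validate the challenge field of a clientDataJSON string from a get() ceremony."""
        try:
            data = json.loads(client_data_json)
            if data.get("type") != "webauthn.get":
                return False
            return self.consume(decode_challenge(data["challenge"]))
        except (KeyError, ValueError, TypeError):
            return False

    def purge_expired(self) -> int:
        """Drop stale entries so a long conditional TTL does not grow the store forever."""
        now = self._now()
        stale = [c for c, (t, ttl) in self._pending.items() if now - t > ttl]
        for c in stale:
            del self._pending[c]
        return len(stale)


if __name__ == "__main__":
    store = ChallengeStore()
    c = store.issue("conditional")
    # Constructed stand-in for what a browser would send back.
    client_data = json.dumps({"type": "webauthn.get", "challenge": encode_challenge(c)})
    print("first use accepted:", store.consume_client_data(client_data))
    print("replay accepted:", store.consume_client_data(client_data))
```

The injectable clock is what lets the expiry policy be tested deterministically; in production the default `time.time` applies. Note that a long conditional-mediation TTL makes the single-use check and periodic purging more important, not less, since each outstanding challenge stays in the store for the whole window.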