- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 25 Jan 2023 16:49:29 +0000
- To: public-webauthn@w3.org
Looks like there are corner cases with `preferred` which will make deploying PRF difficult for a relying party.
Some corner cases:
- For security keys supporting user verification but PIN has not been setup yet:
- Same Browser:
- Browser not setting up PIN which resulted in `preferred` evaluating to "without UV" at one point. Then user setup user verification out of band on the authenticator some other place. And next time, same evaluation resulting in "With UV"
- Different Browser
- Different browser having different behavior about whether it is setting PIN or not
- Platform Authenticator
- User moves from one device to another where `preferred` meaning has changed due to device properties in case of platform authenticator in case of syncing credential.
--
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1836#issuecomment-1403917131 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 25 January 2023 16:49:31 UTC