- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 May 2023 12:39:22 +0000
- To: public-webauthn@w3.org
To this point platforms have not been interested in implementing UVM or UVI. Unless there are at least two browser vendors interested in implementing this it won't survive W3C review to make it into the Level 3 recommendation. With multi device passkey issues where the credential can be shared between devices with different biometrics and or Pins perhaps used by different family members. We also now have credential sharing between user accounts. If there is hesitation around DPK creating friction by causing step up when using a credential on a new device, then RP asking users to step up if they register a second finger on their phone or change the pin is probably not going to be popular with people looking to reduce friction for mass market acceptance. I think you are going to need to argue use cases. We all ready have technical solutions. You are going to need to argue why they or alternatives should be implemented. Outing something in the spec that is not deployed just causes confusion. I do understand why things like financial services may want this. Regards John B. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1890#issuecomment-1551319258 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 17 May 2023 12:39:24 UTC