- From: Ranjiva Prasad via GitHub <sysbot+gh@w3.org>
- Date: Thu, 18 May 2023 12:28:55 +0000
- To: public-webauthn@w3.org
@emlun. I agree that UVI would meet the requirement. It is present in L1 of the spec but I don't see it in L2. https://www.w3.org/TR/webauthn-2/#sctn-defined-extensions Why did it drop out? Is it for reasons that @ve7jtb alluded i.e. no platform is implementing it. It appears to me that the UVI should be added to the UVMEntry. Very simple then for an RP to check whether the UVM changed between credential creation and subsequent usage. I have noticed that the L1 spec contained a large number of extensions. L2 and L3 draft have much fewer. Extensions not supported should be dropped. But @ve7jtb, UVM is there and so there is an opportunity to make it more useful to certain RPs. For certain highly regulated use cases, it is important for the RP to be in control of the experience as much as the platform. The end user expects it. An extension is a great mechanism to allow certain RPs to opt in to a different type of experience for their use cases. UVMEntry with a UVI would allow WebAuthn to support a wider range of use cases and so in my view, make platforms more likely to implement it because it increases their utility i.e. end users can do many more things than before -- GitHub Notification of comment by ranjivaprasadvisa Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1890#issuecomment-1552980981 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 18 May 2023 12:28:57 UTC