- From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
- Date: Wed, 28 Feb 2024 18:26:54 +0000
- To: public-webauthn@w3.org
timcappalli has just created a new issue for https://github.com/w3c/webauthn: == New Authenticator Extension: Time Since UV == ## Proposed Change As discussed on multiple working group calls, this will be an alternative approach to the user verification caching concerns raised by passkey providers and relying parties. This approach [**does not change the meaning or operation of user verification**](https://w3c.github.io/webauthn/#enum-userVerificationRequirement) and authenticators would still be required to respond truthfully about UV at the time of the ceremony. This extension, tentatively identified as `timeSinceUv`, will allow an authenticator to include the time since UV was performed. The value is expressed in milliseconds for consistency with the rest of the spec. Relying Parties who want the [UX benefits of UV preferred](https://passkeys.dev/docs/use-cases/bootstrapping/#a-note-about-user-verification), but would like additional context for post-authentication business logic can request the extension. ## Example **Request** UV = `preferred` Extensions = [ `timeSinceUv` ] **Authenticator State** User verification was performed 5 minutes ago **Response** UV = `false` Extension.timeSinceUv = timeSinceUv: 300000 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2034 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 28 February 2024 18:26:55 UTC