Re: [webauthn] Adds timeSinceUv extension (#2052) from Rolf Lindemann via GitHub on 2024-03-27 (public-webauthn@w3.org from March 2024)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Mar 2024 15:43:46 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2023099259-1711554224-sysbot+gh@w3.org>

Don't understand the overall flow.
Let's assume the RP is interested in 'fresh' user verification (i.e. timeSinceUv = 0).
With this proposal, the RP would ask for timeSinceUv extension and likely for UV=required, now assume the passkey provider returns UV=1 and timeSinceUv = 10 minutes. Then what?  RP is frustrated that the security policy cannot be met, but doesn't have a practical way to ask for a fresh user verification.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2052#issuecomment-2023099259 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 27 March 2024 15:43:47 UTC