- From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Mar 2024 15:43:46 +0000
- To: public-webauthn@w3.org
Don't understand the overall flow. Let's assume the RP is interested in 'fresh' user verification (i.e. timeSinceUv = 0). With this proposal, the RP would ask for timeSinceUv extension and likely for UV=required, now assume the passkey provider returns UV=1 and timeSinceUv = 10 minutes. Then what? RP is frustrated that the security policy cannot be met, but doesn't have a practical way to ask for a fresh user verification. -- GitHub Notification of comment by rlin1 Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2052#issuecomment-2023099259 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 27 March 2024 15:43:47 UTC