Re: [webauthn] Adds timeSinceUv extension (#2052)

> Is this a counter-proposal to the #2021 PR? If so, I prefer the semantics of #2021 which allows the RP to specify in extension input a preferred max time since last UV such that the authenticator/platform could choose to satisfy that policy by re-prompting for UV as part of the ceremony rather than the RP rejecting an assertion because all it could do was find out the time since last UV and then deciding it wasn't recent enough.

I agree with you, #2021 is preferable from the RP's perspective. But going that route re-opens the can of worms that is, "add in ways to let RPs pre-fail a ceremony." Historically those proposals have gotten squashed pretty quickly in the name of maintaining user agency in these ceremonies. Should not #2021 be rejected for similar reasons? I.e., we can't let RPs fail the ceremony here if UV happened too long ago because then we'd have to allow other proposals for RPs to require more properties of a credential or authenticator be asserted by the client before the RP receives a response.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2052#issuecomment-2023700653 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 27 March 2024 18:44:41 UTC