- From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Mar 2024 19:15:56 +0000
- To: public-webauthn@w3.org
> rather than the RP rejecting an assertion because all it could do was find out the time since last UV and then deciding it wasn't recent enough @sbweeden By requesting UV=preferred, you are stating that you will accept an assertion without user verification. If you will fail the login ceremony completely without UV, you should use UV=required. If you are OK with no UV, but need additional context for a risk engine (which may or may not ask for additional information), then you can use UV=preferred with this extension. -- GitHub Notification of comment by timcappalli Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2052#issuecomment-2023781884 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 27 March 2024 19:15:56 UTC