Re: [webauthn] Initial text for conditional create (#1951)

Here's a proposal based on the discussion and concerns expressed yesterday:

When conditional create is used, UV and UP **MUST** be `0`/`false` unless UP or UV is performed as part of the WebAuthn ceremony. Conditional creation requests SHOULD use UV=preferred or UV=discouraged.

As was mentioned during the discussion, conditional creation is an opt-in feature for RPs, so changes are required by the RP, and the RP's logic will need to match the use case and flow, which means accepting a response with UP=0 and UV=0.

This balances the concerns about redefining UP and UV with the usability enhancements that are brought by conditional create.

NOTE: there are CTAP changes that will need to be made, likely as part of CTAP 2.3, for this to be supported with security keys for feature/experience parity.

-- 
GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1951#issuecomment-2026255945 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 28 March 2024 22:41:14 UTC
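
An added example, not part of the original comment or of the WebAuthn specification text: one way an RP's registration check could accept UP=0 and UV=0 only for requests it issued as conditional create. The function names, the `conditionalCreate` option and the sample bytes are assumptions made for illustration; the flag bits and the 37-byte header layout are those of WebAuthn authenticator data.

```javascript
// Added example: RP-side flag check for a registration response (Node.js).
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified

// authData = rpIdHash (32 bytes) || flags (1) || signCount (4, big-endian) || ...
function parseAuthData(authData) {
  if (!Buffer.isBuffer(authData) || authData.length < 37) {
    throw new Error('authenticator data shorter than 37 bytes');
  }
  const flags = authData[32];
  return {
    rpIdHash: authData.subarray(0, 32),
    up: (flags & FLAG_UP) !== 0,
    uv: (flags & FLAG_UV) !== 0,
    signCount: authData.readUInt32BE(33),
  };
}

// `conditionalCreate` (hypothetical option) must come from the RP's own record
// of the request it issued, e.g. stored with the challenge, never from the client.
function checkRegistrationFlags(authData, { conditionalCreate, userVerification }) {
  const { up, uv } = parseAuthData(authData);
  if (userVerification === 'required' && !uv) {
    return { ok: false, reason: 'UV required but not performed', up, uv };
  }
  if (!conditionalCreate && !up) {
    return { ok: false, reason: 'UP=0 outside conditional create', up, uv };
  }
  // Conditional create: UP=0/UV=0 is accepted. The flags are returned so the
  // caller does not treat this ceremony as proof of presence or verification.
  return { ok: true, reason: null, up, uv };
}

// Constructed sample header: zeroed rpIdHash, the given flags byte, signCount 0.
function sampleAuthData(flags) {
  const buf = Buffer.alloc(37);
  buf[32] = flags;
  return buf;
}

const silent = sampleAuthData(0x40); // AT set, UP=0, UV=0
console.log(checkRegistrationFlags(silent, { conditionalCreate: true, userVerification: 'preferred' }));
console.log(checkRegistrationFlags(silent, { conditionalCreate: false, userVerification: 'preferred' }));
```
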