- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Thu, 15 May 2025 16:04:47 +0000
- To: public-webauthn@w3.org
Good points! @pascoej any thoughts on this? I think it could be reasonable for conditional registration to return `UV=1` if the client checked some authentication factor "equivalent to WebAuthn user verification" while it "recently mediated an authentication". For example: if a password manager was used to autofill a password and then do the conditional registration, and the passphrase/key/biometric/etc for the password vault is the same that the password manager would use for passkey UV, then I think you can argue those are "equivalent" and you could reasonably set `UV=1` in the conditional registration. I have not thought about how something like that could be expressed in spec language, though. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2295#issuecomment-2884355561 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 15 May 2025 16:04:48 UTC