- From: snek via GitHub <sysbot+gh@w3.org>
- Date: Fri, 29 Jul 2022 22:00:56 +0000
- To: public-webauthn@w3.org
devsnek has just created a new issue for https://github.com/w3c/webauthn:

== continuous assertion ==

sorry if this is a bit half-baked, i'm not a security expert, just a casual webauthn enjoyer.

I had an idea, inspired a bit by smart cards, about some sort of flow where a client can continuously make assertions as long as a key is plugged in (vs having to prove user presence each time). Cookies or tokens can be leaked/stolen, so a server authenticating via a security key would seem appealing (for example, each http request that a single-page app makes being signed by the key).

I don't know how the client would ask for permission from the user to make a series of assertions instead of just one in a way that makes sense to the lay user, hopefully people more experienced than me have thoughts here.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1785 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 29 July 2022 22:00:58 UTC