[webauthn] Enforce specific user verification methods (#1211)

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== Enforce specific user verification methods ==
The RP would like to leverage specific user verification methods (UVMs), especially biometrics such as fingerprint, face, etc.
Even though the authenticator may support multiple user verifications, the RP wants to enforce a specific UVM.
The reason for this is that the RP already has some authentication schemes like online pattern or PIN (like payment services) and introduces WebAuthn as an alternative authentication method.
For usability (to avoid misleading users), the RP wants to disallow local pattern or PIN for authentication.
This is because sometimes users cannot distinguish between online authentication and local authentication.
This requirement is more about mobile use cases (web and native).

FYI, Android and iOS have this kind of option (not showing a fallback like passcode or PIN) for biometric authentication.


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1211 using your GitHub account

Received on Thursday, 9 May 2019 02:38:00 UTC