[Webkit-unassigned] [Bug 182893] [WebAuthN] Consider requiring user gestures for this API

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 31 13:56:28 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=182893

--- Comment #4 from Jiewen Tan <jiewen_tan at apple.com> ---
(In reply to Yuriy Ackermann (FIDO Alliance) from comment #2)
> Authenticators must do TUP/UV before every operation. The only check you
> must do is when attestation is returned and it's set to DIRECT, then you must
> obtain consent from the user to return it to the server.
> 
> Biometrics authenticators block fingerprint after 5 tries per security
> requirements

Thanks for your comment. I didn't see that user consent is needed for "DIRECT" attestation in https://www.w3.org/TR/webauthn/ as of Aug 7th 2018. I know Firefox does this.
