double check language regarding requiring authorization gesture #1215
Comments
|
We've defined the term "authorization gesture" to mean any kind of human confirmation, including a test of user presence which is still required in authenticatorMakeCredential, so the claim
is still true. However we could tie things together better by rephrasing the authenticator operations a bit, since they currently don't reference the "authorization gesture" term at all. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
given that we have the notions of effective user verification requirement for credential creation and effective user verification requirement for assertion, we ought to grep thru the spec for places where authorization gesture is mentioned and ensure that it is being employed accurately. For example, in section 5.1.4. Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]](options) Method, there is this claim:
..which I do not believe is true any longer.
The text was updated successfully, but these errors were encountered: