Pass FIDO2 conformance GetAssertion Resp-3 P-4/P-7 tests #199
Comments
This would benefit from #194, because of receiving the original options in the verification process.

Splitting F-5 into its own issue => #205

These P-4 and P-7 failures are strange to me... FIDO2 conformance tools expect the server to succeed when UP is not set, while the WebAuthn spec says UP must always be set in step 12.

Already reported in fido-alliance/conformance-test-tools-resources#434.

Still not sure how to proceed with this. I am currently trying to better understand what the stance of the FIDO2 conformance tools is about this matter. See fido-alliance/conformance-test-tools-resources#434.

WebAuthn is using a subset of FIDO2 in an online browser; silent authentication is undesirable from a privacy perspective in this context. But for some scenarios (e.g. employees logged in to a POS system, a clerk at a bank, etc.) you might want to silently re-authenticate every minute and automatically log out the user if that fails. I guess you could even preregister keys and send them to your customers and use it as a form of software copy protection that way. So the question is, do we want to support just WebAuthn or FIDO2? I'd lean towards the first for default settings but expose the knobs for people who know what they are doing.

Agree.

> F-5 Send a valid ServerAuthenticatorAssertionResponse with only authenticatorData.flags.UP set, for userVerification set to "required", and check that the server returns an error

(Moved to #205)
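The flag checks the thread is arguing about, as an added example that is not code from this project or from any commenter. It parses the fixed 37-byte prefix of authenticatorData (rpIdHash, flags, signCount), then applies the two policies discussed above: the WebAuthn default that rejects an assertion whose UP bit is clear, and a FIDO2-style knob that accepts it for silent re-authentication, plus the UV check behind the F-5 case (userVerification "required" with only UP set must fail). Python, the function names, the `require_user_presence` parameter and the sample authenticator data are all assumptions made for the example; the test vectors are constructed here, not taken from the conformance tool.

```python
"""Added example (not the project's code): UP/UV flag policy for GetAssertion."""
import hashlib
import struct

# Flag bit positions in the authenticatorData flags byte (WebAuthn §6.1).
FLAG_UP = 0x01  # User Present
FLAG_UV = 0x04  # User Verified
FLAG_AT = 0x40  # Attested credential data included
FLAG_ED = 0x80  # Extension data included


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte prefix of authenticatorData into its fields."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData must be at least 37 bytes")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {"rp_id_hash": rp_id_hash, "flags": flags, "sign_count": sign_count}


def check_assertion_flags(auth_data: bytes, user_verification: str,
                          require_user_presence: bool = True):
    """Return None when the flags satisfy the policy, else a failure reason.

    require_user_presence=True  -> WebAuthn behaviour (the spec's UP check).
    require_user_presence=False -> FIDO2 "silent authentication" knob: an
                                   assertion with UP clear is accepted.
    user_verification="required" -> the UV bit must be set (the F-5 case).
    """
    flags = parse_authenticator_data(auth_data)["flags"]
    if require_user_presence and not flags & FLAG_UP:
        return "user presence (UP) flag not set"
    if user_verification == "required" and not flags & FLAG_UV:
        return "userVerification=required but user verified (UV) flag not set"
    return None


def make_auth_data(flags: int, rp_id: str = "example.com", sign_count: int = 1) -> bytes:
    """Constructed sample authenticatorData (hypothetical RP ID, no attested data)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    # Only UP set, userVerification "preferred": fine under both policies.
    print(check_assertion_flags(make_auth_data(FLAG_UP), "preferred"))
    # UP clear: rejected by the WebAuthn default, accepted with the FIDO2 knob.
    print(check_assertion_flags(make_auth_data(0x00), "preferred"))
    print(check_assertion_flags(make_auth_data(0x00), "preferred", require_user_presence=False))
    # F-5: UP only, userVerification "required" -> must be an error.
    print(check_assertion_flags(make_auth_data(FLAG_UP), "required"))
```

Keeping the UP decision behind an explicit parameter, defaulting to the WebAuthn behaviour, matches the "default strict, expose the knob" position taken in the thread: a relying party that wants silent re-authentication has to opt in per call, and the UV check stays independent of that choice.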