Arshad Noor
Arshad Noor
You're welcome, Emil (@emlun). I concur that it may be too late to "close this barn door" now; but, whatever can be done to simplify descriptions, would be welcome. IMHO,...
I don't deny that User Verifying Platform Authenticators (UVPA) are likely to be the most effective way to get the vast majority of consumers to adopt FIDO. However, I also...
Hi David (@dwaite) Technically, this is an issue for Authenticator manufacturers who focus on CTAP and may be better off addressed at the FIDO-DEV mailing list on https://fidoalliance.org. Once a...
While the UX is definitely important, David, the W3C group may choose not to prioritize it since it does require new APIs to be defined to interact with the Authenticator...
I would add two more questions to the list, @rlin1: - How do RP's protect against a scalable attack/vulnerability on the "synched" implementation? - Who bears responsibility for violations to...
Hi Adam (@agl ), I concur with the use-case: that it is essential for Banks to receive digital signatures from Consumers directly when they're confirming a payment transaction at a...
> We are thinking in terms of the world outlined in #1637: consider a person who has their banking app on their phone and thus has a WebAuthn credential on...
> From the perspective of the Web Authentication group, a solution that assumes that RPs have to have a native app shouldn't be satisfying. And, if we're building an authentication...
While I do not deny that everybody benefits from _Transaction Confirmation_, there are many non-technical issues that need to be considered (some of which I highlighted earlier in this thread)....
I am familiar with that statement in the spec, Anders (@cyberphone); but, in that transaction the Merchant is attempting to get an _assertion_ from the Consumer. What we're discussing here...