Location Extension and privacy

[yaronf]

8.5: The Location Extension seems to conflict with privacy constraints in mobile operating systems, where a user can allow location information to each application. How do we allow the user to give consent to each RPID separately to access location data?
@vijaybh: Managing this is left up to the clients. Clients can strip this extension from sites that do not have permissions to location data.

I suggest to add Vijay's solution explicitly, e.g.: In many cases operating systems prevent applications from accessing the user's location information. If this is the case, the client MUST NOT forward this extension to the authenticator.

[UWDawgfan12]

I would agree that we should add this explicitly.

Thanks!!

-Rob

From: Yaron Sheffer [mailto:notifications@github.com]
Sent: Saturday, September 17, 2016 1:11 AM
To: w3c/webauthn webauthn@noreply.github.com
Subject: [w3c/webauthn] Location Extension and privacy (#208)

8.5: The Location Extension seems to conflict with privacy constraints in mobile operating systems, where a user can allow location information to each application. How do we allow the user to give consent to each RPID separately to access location data?
@vijaybhhttps://github.com/vijaybh: Managing this is left up to the clients. Clients can strip this extension from sites that do not have permissions to location data.

I suggest to add Vijay's solution explicitly, e.g.: In many cases operating systems prevent applications from accessing the user's location information. If this is the case, the client MUST NOT forward this extension to the authenticator.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHubhttps://github.com//issues/208, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ADqEcPcZEAI4veLsO2ZnST6c8lmRAgjsks5qq6B-gaJpZM4J_im9.

[bifurcation]

Though for the record, I think the resolution to #133 should have specific text to address this