-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recommend duration of challenge validity #1855
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought to suggest we frame "discouraged" vs "preferred"/"required" as "second-factor" vs "passwordless"/"passkeys", but maybe that framing is too "practical" to be included in the spec?
Anyway I think this looks good so I'm going ahead and approving.
Yes, I think that's a bit too much indirection. The reader has to do more work to relate those terms to the |
2023-03-22 WG call: conditional mediation makes this a bit complicated. We might change the API a bit to better support conditional mediation, holding off on this one until that's decided. |
index.bs
Outdated
|
||
If the [=[RP]=]'s [=user verification=] preference for the ceremony is | ||
|
||
<dl class="switch"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See also #1885 where I am proposing adjusting these ranges.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to account for the changes in #1885.
I was thinking that this issue is blocked until #1856 is resolved. |
Oh right, I forgot. This should probably stay blocked then. This issue is on the agenda for today's WG meeting, we'll decide on that then. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
SHA: d4510f8 Reason: push, by emlun Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Fixes #1848.
Additions I also considered but decided against:
options.timeout
is requested. I think the recommendation of a "similar" timeout probably communicates that this is a vague limit with a lot of wiggle room for such things.navigator.credentials.{create,get}()
call or once per session? - so it might be more confusing than helpful.Preview | Diff