Correct me if I am wrong, but FIDO (or WebAuthn) is the standard used by apple, Google, MS, etc.

I had suggested specifically calling out FIDO.  While these seem to be the focus of the NIST supplement, NIST used the generic "synchable authenticators."  My concern was, we are opening up a loophole in the criteria,  so we may want to be more restrictive.



Sent from my Verizon, Samsung Galaxy smartphone



-------- Original message --------
From: Carol Buttle <carol@kantarainitiative.org>
Date: 11/9/24 8:12 PM (GMT-05:00)
To: "Richard G. WILSHER (@Zygma Inc.)" <RGW@zygma.biz>
Cc: IA WG <wg-idassurance@kantarainitiative.org>
Subject: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys

Hi Richard,

Thanks for this.
Are we only talking about FIDO here?
Are Apple or Google passkeys should they find their way in anymore assessable?

Carol


On Sat, Nov 9, 2024 at 12:41 AM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote:

Further to the action Jimmy gave me during yday’s IAWG call, pfa a first draft for comment of the notice which was proposed.

It has been back and forth between Jimmy and myself and is improved from yesterday’s hasty effort.  The list of applicable criteria is yet to be definitively produced, but I believe that the list is of secondary importance to the body of the notice, hence its early provision.

I will follow-up with a further version including the list, but that will be later into next week.

Bon weekend a tous,

 

Richard G. WILSHER
CEO & Founder,  Zygma Inc.
www.Zygma.biz
+1 714 797 9942

 

_______________________________________________
A Community Group mailing list of KantaraInitiative.org
WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org
To unsubscribe send an email to staff@kantarainitiative.org
List archives --  https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantarainitiative.org/
______
Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance